Network switching architecture with multiple table synchronization, and forwarding of both IP and IPX packets

ABSTRACT

A network switch for network communications includes a first data port interface. The first data port interface supports a plurality of data ports transmitting and receiving data at a first data rate. A second data port interface is provided; the second data port interface supports a plurality of data ports transmitting and receiving data at a second data rate. A CPU interface is provided, with the CPU interface configured to communicate with a CPU. An internal memory is provided, and communicates with the first data port interface and the at least one second data port interface. A memory management unit is provided, and includes an external memory interface for communicating data from at least one of the first data port interface and the second data port interface and an external memory. A communication channel is provided, with the communication channel communicating data and messaging information between the first data port interface, the second data port interface, the internal memory, and the memory management unit. A plurality of semiconductor-implemented lookup tables are provided, with the lookup tables including an address resolution lookup/layer three lookup, rules tables, and VLAN tables. One of the data port interfaces is configured to update the address resolution table based on newly learned layer to addresses. An update to an address table associated with an initial data port interface of the first and second data port interfaces results in the initial data port interface sending a synchronization signal to the other address resolution tables in the network switch. As a result, all address resolution tables on the network switch are synchronized on a per entry basis.

REFERENCE TO RELATED APPLICATIONS

[0001] This application claims priority of U.S. Provisional PatentApplication Serial No. 60/092,220, filed on Jul. 8, 1998, and U.S.Provisional Application No. 60/095,972, filed on Aug. 10, 1998. Thecontents of these provisional applications is hereby incorporated byreference.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The invention relates to a method and apparatus for highperformance switching in local area communications networks such astoken ring, ATM, ethernet, fast ethernet, and gigabit ethernetenvironments, generally known as LANs. In particular, the inventionrelates to a new switching architecture in an integrated, modular,single chip solution, which can be implemented on a semiconductorsubstrate such as a silicon chip.

[0004] 2. Description of the Related Art

[0005] As computer performance has increased in recent years, thedemands on computer networks has significantly increased; fastercomputer processors and higher memory capabilities need networks withhigh bandwidth capabilities to enable high speed transfer of significantamounts of data. The well-known ethernet technology, which is based uponnumerous IEEE ethernet standards, is one example of computer networkingtechnology which has been able to be modified and improved to remain aviable computing technology. A more complete discussion of prior artnetworking systems can be found, for example, in SWITCHED AND FASTETHERNET, by Breyer and Riley (Ziff-Davis, 1996), and numerous IEEEpublications relating to IEEE 802 standards. Based upon the Open SystemsInterconnect (OSI) 7-layer reference model, network capabilities havegrown through the development of repeaters, bridges, routers, and, morerecently, “switches”, which operate with various types of communicationmedia. Thickwire, thinwire, twisted pair, and optical fiber are examplesof media which has been used for computer networks. Switches, as theyrelate to computer networking and to ethernet, are hardware-baseddevices which control the flow of data packets or cells based upondestination address information which is available in each packet. Aproperly designed and implemented switch should be capable of receivinga packet and switching the packet to an appropriate output port at whatis referred to wirespeed or linespeed, which is the maximum speedcapability of the particular network. Basic ethernet wirespeed is up to10 megabits per second, and Fast Ethernet is up to 100 megabits persecond. The newest ethernet is referred to as gigabit ethernet, and iscapable of transmitting data over a network at a rate of up to 1,000megabits per second. As speed has increased, design constraints anddesign requirements have become more and more complex with respect tofollowing appropriate design and protocol rules and providing a lowcost, commercially viable solution. For example, high speed switchingrequires high speed memory to provide appropriate buffering of packetdata; conventional Dynamic Random Access Memory (DRAM) is relativelyslow, and requires hardware-driven refresh. The speed of DRAMs,therefore, as buffer memory in network switching, results in valuabletime being lost, and it becomes almost impossible to operate the switchor the network at linespeed. Furthermore, external CPU involvementshould be avoided, since CPU involvement also makes it almost impossibleto operate the switch at linespeed. Additionally, as network switcheshave become more and more complicated with respect to requiring rulestables and memory control, a complex multi-chip solution is necessarywhich requires logic circuitry, sometimes referred to as glue logiccircuitry, to enable the various chips to communicate with each other.Additionally, cost/benefit tradeoffs are necessary with respect toexpensive but fast SRAMs versus inexpensive but slow DRAMs.Additionally, DRAMs, by virtue of their dynamic nature, requirerefreshing of the memory contents in order to prevent losses thereof.SRAMs do not suffer from the refresh requirement, and have reducedoperational overhead which compared to DRAMs such as elimination of pagemisses, etc. Although DRAMs have adequate speed when accessing locationson the same page, speed is reduced when other pages must be accessed.

[0006] Referring to the OSI 7-layer reference model discussedpreviously, and illustrated in FIG. 7, the higher layers typically havemore information. Various types of products are available for performingswitching-related functions at various levels of the OSI model. Hubs orrepeaters operate at layer one, and essentially copy and “broadcast”incoming data to a plurality of spokes of the hub. Layer twoswitching-related devices are typically referred to as multiportbridges, and are capable of bridging two separate networks. Bridges canbuild a table of forwarding rules based upon which MAC (media accesscontroller) addresses exist on which ports of the bridge, and passpackets which are destined for an address which is located on anopposite side of the bridge. Bridges typically utilize what is known asthe “spanning tree” algorithm to eliminate potential data loops; a dataloop is a situation wherein a packet endlessly loops in a networklooking for a particular address. The spanning tree algorithm defines aprotocol for preventing data loops. Layer three switches, sometimesreferred to as routers, can forward packets based upon the destinationnetwork address. Layer three switches are capable of learning addressesand maintaining tables thereof which correspond to port mappings.Processing speed for layer three switches can be improved by utilizingspecialized high performance hardware, and off loading the host CPU sothat instruction decisions do not delay packet forwarding.

SUMMARY OF THE INVENTION

[0007] A network switch for network communications includes a first dataport interface. The first data port interface supports a plurality ofdata ports transmitting and receiving data at a first data rate. Asecond data port interface is provided; the second data port interfacesupports a plurality of data ports transmitting and receiving data at asecond data rate. A CPU interface is provided, with the CPU interfaceconfigured to communicate with a CPU. An internal memory is provided,and communicates with the first data port interface and the at least onesecond data port interface. A memory management unit is provided, andincludes an external memory interface for communicating data from atleast one of the first data port interface and the second data portinterface and an external memory. A communication channel is provided,with the communication channel communicating data and messaginginformation between the first data port interface, the second data portinterface, the internal memory, and the memory management unit. Aplurality of semiconductor-implemented lookup tables are provided, withthe lookup tables including address resolution lookup/layer threelookup, rules tables, and VLAN tables. One of the first data portinterface and the second data port interface is configured to update theaddress resolution lookup table based upon newly learned layer twoaddresses. An update to an address table associated with an initial dataport interface of the first and second data port interfaces results inthe initial data port interface sending a synchronization signal toother address resolution tables in the network switch. Therefore, alladdress resolution tables on the network switch are synchronized on aper entry basis. A learning and an accessing of an address in theaddress resolution lookup table results in the setting of a hit bit. Thehit bit is unset by the initial data port interface after a firstpredetermined time period. The entry is deleted if the hit bit is notreset for a second predetermined period of time.

[0008] The invention also includes a method of switching data in anetwork switch. The method comprises the steps of receiving an incomingpacket at a first port, then reading a first packet portion, less than afull packet length, to determine particular packet information. Theparticular packet information includes a source address and adestination address. The particular packet information is compared toinformation contained in a lookup table. If a match is made, the packetis modified to include appropriate forwarding and routing informationbased on the matching entry. The packet is then sent on a communicationchannel to a selected memory buffer. If there is no match, theparticular packet information is learned and placed as a second entry inthe lookup table. The packet information is modified to indicate thatthe packet is to be sent to all ports on the network switch. The packetis then sent to the selected memory buffer. The packet is then retrievedfrom the selected memory buffer, and sent to appropriate destinationports as indicated in the modified packet information.

[0009] The invention is also directed to a network switch for networkcommunications containing first and second data port interfaces, a CPUinterface, an internal memory, a memory management unit, an externalmemory interface, and a communication channel as discussed above. Thisembodiment also includes a protocol determining means for determiningwhether an incoming packet is an IP packet or an IPX packet. L3 lookuptables, IP router tables, and IPX router tables are provided. Aconcurrent lookup is performed of the L3 lookup table, and either the IProuter table or the IPX router table, depending upon the determinationof the packet type. If a match is found on the L3 table, the packet isforwarded based on the L3 match. If no match is found on the L3 lookup,then a longest prefix cache lookup is performed on the appropriate IP orIPX router table, and the packet is forwarded based upon the match ofthe longest prefix cache lookup. If no match is provided, then thepacket is forwarded to the CPU interface.

BRIEF DESCRIPTION OF THE DRAWINGS

[0010] The objects and features of the invention will be more readilyunderstood with reference to the following description and the attacheddrawings, wherein:

[0011]FIG. 1 is a general block diagram of elements of the presentinvention;

[0012]FIG. 2 is a more detailed block diagram of a network switchaccording to the present invention;

[0013]FIG. 3 illustrates the data flow on the CPS channel of a networkswitch according to the present invention;

[0014]FIG. 4A illustrates demand priority round robin arbitration foraccess to the C-channel of the network switch;

[0015]FIG. 4B illustrates access to the C-channel based upon the roundrobin arbitration illustrated in FIG. 4A;

[0016]FIG. 5 illustrates P-channel message types;

[0017]FIG. 6 illustrates a message format for S channel message types;

[0018]FIG. 7 is an illustration of the OSI 7 layer reference model;

[0019]FIG. 8 illustrates an operational diagram of an EPIC module;

[0020]FIG. 9 illustrates the slicing of a data packet on the ingress toan EPIC module;

[0021]FIG. 10 is a detailed view of elements of the PMMU;

[0022]FIG. 11 illustrates the CBM cell format;

[0023]FIG. 12 illustrates an internal/external memory admission flowchart;

[0024]FIG. 13 illustrates a block diagram of an egress manager 76illustrated in FIG. 10;

[0025]FIG. 14 illustrates more details of an EPIC module;

[0026]FIG. 15 is a block diagram of a fast filtering processor (FFP);

[0027]FIG. 16 is a block diagram of the elements of CMIC 40;

[0028]FIG. 17 illustrates a series of steps which are used to program anFFP;

[0029]FIG. 18 is a flow chart illustrating the aging process for ARL(L2) and L3 tables; and

[0030]FIG. 19 illustrates communication using a trunk group according tothe present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0031]FIG. 1 illustrates a configuration wherein a switch-on-chip (SOC)10, in accordance with the present invention, is functionally connectedto external devices 11, external memory 12, fast ethernet ports 13, andgigabit ethernet ports 15. For the purposes of this embodiment, fastethernet ports 13 will be considered low speed ethernet ports, sincethey are capable of operating at speeds ranging from 10 Mbps to 100Mbps, while the gigabit ethernet ports 15, which are high speed ethernetports, are capable of operating at 1000 Mbps. External devices 11 couldinclude other switching devices for expanding switching capabilities, orother devices as may be required by a particular application. Externalmemory 12 is additional off-chip memory, which is in addition tointernal memory which is located on SOC 10, as will be discussed below.CPU 52 can be used as necessary to program SOC 10 with rules which areappropriate to control packet processing. However, once SOC 10 isappropriately programmed or configured, SOC 10 operates, as much aspossible, in a free running manner without communicating with CPU 52.Because CPU 52 does not control every aspect of the operation of SOC 10,CPU 52 performance requirements, at least with respect to SOC 10, arefairly low. A less powerful and therefore less expensive CPU 52 cantherefore be used when compared to known network switches. As also willbe discussed below, SOC 10 utilizes external memory 12 in an efficientmanner so that the cost and performance requirements of memory 12 can bereduced. Internal memory on SOC 10, as will be discussed below, is alsoconfigured to maximize switching throughput and minimize costs.

[0032] It should be noted that any number of fast ethernet ports 13 andgigabit ethernet ports 15 can be provided. In one embodiment, a maximumof 24 fast ethernet ports 13 and 2 gigabit ports 15 can be provided.Similarly, additional interconnect links to additional external devices11, external memory 12, and CPUs 52 may be provided as necessary.

[0033]FIG. 2 illustrates a more detailed block diagram of the functionalelements of SOC 10. As evident from FIG. 2 and as noted above, SOC 10includes a plurality of modular systems on-chip, with each modularsystem, although being on the same chip, being functionally separatefrom other modular systems. Therefore, each module can efficientlyoperate in parallel with other modules, and this configuration enables asignificant amount of freedom in updating and re-engineering SOC 10.

[0034] SOC 10 includes a plurality of Ethernet Port InterfaceControllers (EPIC) 20 a, 20 b, 20 c, etc., a plurality of Gigabit PortInterface Controllers (GPIC) 30 a, 30 b, etc., a CPU ManagementInterface Controller (CMIC) 40, a Common Buffer Memory Pool (CBP) 50, aPipelined Memory Management Unit (PMMU) 70, including a Common BufferManager (CBM) 71, and a system-wide bus structure referred to as CPSchannel 80. The PMMU 70 communicates with external memory 12, whichincludes a Global Buffer Memory Pool (GBP) 60. The CPS channel 80comprises C channel 81, P channel 82, and S channel 83. The CPS channelis also referred to as the Cell Protocol Sideband Channel, and is a 17Gbps channel which glues or interconnects the various modules together.As also illustrated in FIG. 2, other high speed interconnects can beprovided, as shown as an extendible high speed interconnect. In oneembodiment of the invention, this interconnect can be in the form of aninterconnect port interface controller (IPIC) 90, which is capable ofinterfacing CPS channel 80 to external devices 11 through an extendiblehigh speed interconnect link. As will be discussed below, each EPIC 20a, 20 b, and 20 c, generally referred to as EPIC 20, and GPIC 30 a and30 b, generally referred to as GPIC 30, are closely interrelated withappropriate address resolution logic and layer three switching tables 21a, 21 b, 21 c, 31 a, 31 b, rules tables 22 a, 22 b, 22 c, 31 a, 31 b,and VLAN tables 23 a, 23 b, 23 c, 31 a, 31 b. These tables will begenerally referred to as 21, 31, 22, 32, 23, 33, respectively. Thesetables, like other tables on SOC 10, are implemented in silicon astwo-dimensional arrays.

[0035] In a preferred embodiment of the invention, each EPIC 20 supports8 fast ethernet ports 13, and switches packets to and/or from theseports as may be appropriate. The ports, therefore, are connected to thenetwork medium (coaxial, twisted pair, fiber, etc.) using known mediaconnection technology, and communicates with the CPS channel 80 on theother side thereof. The interface of each EPIC 20 to the network mediumcan be provided through a Reduced Media Internal Interface (RMII), whichenables the direct medium connection to SOC 10. As is known in the art,auto-negotiation is an aspect of fast ethernet, wherein the network iscapable of negotiating a highest communication speed between a sourceand a destination based on the capabilities of the respective devices.The communication speed can vary, as noted previously, between 10 Mbpsand 100 Mbps; auto negotiation capability, therefore, is built directlyinto each EPIC module. The address resolution logic (ARL) and layerthree tables (ARL/L3) 21 a, 21 b, 21 c, rules table 22 a, 22 b, 22 c,and VLAN tables 23 a, 23 b, and 23 c are configured to be part of orinterface with the associated EPIC in an efficient and expedient manner,also to support wirespeed packet flow.

[0036] Each EPIC 20 has separate ingress and egress functions. On theingress side, self-initiated and CPU-initiated learning of level 2address information can occur. Address resolution logic is utilized toassist in this task. Address aging is built in as a feature, in order toeliminate the storage of address information which is no longer valid oruseful. The EPIC also carries out layer 2 mirroring. A fast filteringprocessor (FFP) 141 (see FIG. 14) is incorporated into the EPIC, inorder to accelerate packet forwarding and enhance packet flow. Theingress side of each EPIC and GPIC, illustrated in FIG. 8 as ingresssubmodule 14, has a significant amount of complexity to be able toproperly process a significant number of different types of packetswhich may come in to the port, for linespeed buffering and thenappropriate transfer to the egress. Functionally, each port on eachmodule of SOC 10 has a separate ingress submodule 14 associatedtherewith. From an implementation perspective, however, in order tominimize the amount of hardware implemented on the single-chip SOC 10,common hardware elements in the silicon will be used to implement aplurality of ingress submodules on each particular module. Theconfiguration of SOC 10 discussed herein enables concurrent lookups andfiltering, and therefore, processing of up to 6.6 million packets persecond. Layer two lookups, Layer three lookups and filtering occursimultaneously to achieve this level of performance. On the egress side,the EPIC is capable of supporting packet polling based either as anegress management or class of service (COS) function.Rerouting/scheduling of packets to be transmitted can occur, as well ashead-of-line (HOL) blocking notification, packet aging, cell reassembly,and other functions associated with ethernet port interface.

[0037] Each GPIC 30 is similar to each EPIC 20, but supports only onegigabit ethernet port, and utilizes a port-specific ARL table, ratherthan utilizing an ARL table which is shared with any other ports.Additionally, instead of an RMII, each GPIC port interfaces to thenetwork medium utilizing a gigabit media independent interface (GMII).

[0038] CMIC 40 acts as a gateway between the SOC 10 and the host CPU.The communication can be, for example, along a PCI bus, or otheracceptable communications bus. CMIC 40 can provide sequential directmapped accesses between the host CPU 52 and the SOC 10. CPU 52, throughthe CMIC 40, will be able to access numerous resources on SOC 10,including MIB counters, programmable registers, status and controlregisters, configuration registers, ARL tables, port-based VLAN tables,IEEE 802.1q VLAN tables, layer three tables, rules tables, CBP addressand data memory, as well as GBP address and data memory. Optionally, theCMIC 40 can include DMA support, DMA chaining and scatter-gather, aswell as master and target PCI64.

[0039] Common buffer memory pool or CBP 50 can be considered to be theon-chip data memory. In one embodiment of the invention, the CBP 50 isfirst level high speed SRAM memory, to maximize performance and minimizehardware overhead requirements. The CBP can have a size of, for example,720 kilobytes running at 132 MHz. Packets stored in the CBP 50 aretypically stored as cells, rather than packets. As illustrated in thefigure, PMMU 70 also contains the Common Buffer Manager (CBM) 71thereupon. CBM 71 handles queue management, and is responsible forassigning cell pointers to incoming cells, as well as assigning commonpacket IDs (CPID) once the packet is fully written into the CBP. CBM 71can also handle management of the on-chip free address pointer pool,control actual data transfers to and from the data pool, and providememory budget management.

[0040] Global memory buffer pool or GBP 60 acts as a second levelmemory, and can be located on-chip or off chip. In the preferredembodiment, GBP 60 is located off chip with respect to SOC 10. Whenlocated off-chip, GBP 60 is considered to be a part of or all ofexternal memory 12. As a second level memory, the GBP does not need tobe expensive high speed SRAMs, and can be a slower less expensive memorysuch as DRAM. The GBP is tightly coupled to the PMMU 70, and operateslike the CBP in that packets are stored as cells. For broadcast andmulticast messages, only one copy of the packet is stored in GBP 60.

[0041] As shown in the figure, PMMU 70 is located between GBP 60 and CPSchannel 80, and acts as an external memory interface. In order tooptimize memory utilization, PMMU 70 includes multiple read and writebuffers, and supports numerous functions including global queuemanagement, which broadly includes assignment of cell pointers forrerouted incoming packets, maintenance of the global FAP, time-optimizedcell management, global memory budget management, GPID assignment andegress manager notification, write buffer management, read prefetchesbased upon egress manager/class of service requests, and smart memorycontrol.

[0042] As shown in FIG. 2, the CPS channel 80 is actually three separatechannels, referred to as the C-channel, the P-channel, and theS-channel. The C-channel is 128 bits wide, and runs at 132 MHz. Packettransfers between ports occur on the C-channel. Since this channel isused solely for data transfer, there is no overhead associated with itsuse. The P-channel or protocol channel is synchronous or locked with theC-channel. During cell transfers, the message header is sent via theP-channel by the PMMU. The P-channel is 32 bits wide, and runs at 132MHz.

[0043] The S or sideband channel runs at 132 MHz, and is 32 bits wide.The S-channel is used for functions such as four conveying Port LinkStatus, receive port full, port statistics, ARL table synchronization,memory and register access to CPU and other CPU management functions,and global memory full and common memory full notification.

[0044] A proper understanding of the operation of SOC 10 requires aproper understanding of the operation of CPS channel 80. Referring toFIG. 3, it can be seen that in SOC 10, on the ingress, packets aresliced by an EPIC 20 or GPIC 30 into 64-byte cells. The use of cellson-chip instead of packets makes it easier to adapt the SOC to work withcell based protocols such as, for example, Asynchronous Transfer Mode(ATM). Presently, however, ATM utilizes cells which are 53 bytes long,with 48 bytes for payload and 5 bytes for header. In the SOC, incomingpackets are sliced into cells which are 64 bytes long as discussedabove, and the cells are further divided into four separate 16 byte cellblocks Cn0 . . . Cn3. Locked with the C-channel is the P-channel, whichlocks the opcode in synchronization with Cn0. A port bitmap is insertedinto the P-channel during the phase Cn1. The untagged bit map isinserted into the P-channel during phase Cn2, and a time stamp is placedon the P-channel in Cn3. Independent from occurrences on the C andP-channel, the S-channel is used as a sideband, and is thereforedecoupled from activities on the C and P-channel.

[0045] Cell or C-Channel

[0046] Arbitration for the CPS channel occurs out of band. Every module(EPIC, GPIC, etc.) monitors the channel, and matching destination portsrespond to appropriate transactions. C-channel arbitration is a demandpriority round robin arbitration mechanism. If no requests are active,however, the default module, which can be selected during theconfiguration of SOC 10, can park on the channel and have completeaccess thereto. If all requests are active, the configuration of SOC 10is such that the PMMU is granted access every other cell cycle, andEPICs 20 and GPICs 30 share equal access to the C-channel on a roundrobin basis. FIGS. 4A and 4B illustrate a C-channel arbitrationmechanism wherein section A is the PMMU, and section B consists of twoGPICs and three EPICs. The sections alternate access, and since the PMMUis the only module in section A, it gains access every other cycle. Themodules in section B, as noted previously, obtain access on a roundrobin basis.

[0047] Protocol or P-Channel

[0048] Referring once again to the protocol or P-channel, a plurality ofmessages can be placed on the P-channel in order to properly direct flowof data flowing on the C-channel. Since P-channel 82 is 32 bits wide,and a message typically requires 128 bits, four smaller 32 bit messagesare put together in order to form a complete P-channel message. Thefollowing list identifies the fields and function and the various bitcounts of the 128 bit message on the P-channel.

[0049] Opcode—2 bits long—Identifies the type of message present on theC channel 81;

[0050] IP Bit—1 bit long—This bit is set to indicate that the packet isan IP switched packet;

[0051] IPX Bit—1 bit long—This bit is set to indicate that the packet isan IPX switched packet;

[0052] Next Cell—2 bits long—A series of values to identify the validbytes in the corresponding cell on the C channel 81;

[0053] SRC DEST Port—6 bits long—Defines the port number which sends themessage or receives the message, with the interpretation of the sourceor destination depending upon Opcode;

[0054] Cos—3 bits long—Defines class of service for the current packetbeing processed;

[0055] J—1 bit long—Describes whether the current packet is a jumbopacket;

[0056] S—1 bit long—Indicates whether the current cell is the first cellof the packet;

[0057] E—1 bit long—Indicates whether the current cell is the last cellof the packet;

[0058] CRC—2 bits long—Indicates whether a Cyclical Redundancy Check(CRC) value should be appended to the packet and whether a CRC valueshould be regenerated;

[0059] P Bit—1 bit long—Determines whether MMU should Purge the entirepacket;

[0060] Len—7 bytes—Identifies the valid number of bytes in currenttransfer;

[0061] O—2 bits—Defines an optimization for processing by the CPU 52;and

[0062] Bc/Mc Bitmap—28 bits—Defines the broadcast or multicast bitmap.Identifies egress ports to which the packet should be set, regardingmulticast and broadcast messages.

[0063] Untag Bits/Source Port—28/5 bits long—Depending upon Opcode, thepacket is transferred from Port to MMU, and this field is interpreted asthe untagged bit map. A different Opcode selection indicates that thepacket is being transferred from MMU to egress port, and the last sixbits of this field is interpreted as the Source Port field. The untaggedbits identifies the egress ports which will strip the tag header, andthe source port bits identifies the port number upon which the packethas entered the switch;

[0064] U Bit—1 bit long—For a particular Opcode selection (0x01, thisbit being set indicates that the packet should leave the port asUntagged; in this case, tag stripping is performed by the appropriateMAC;

[0065] CPU Opcode—18 bits long—These bits are set if the packet is beingsent to the CPU for any reason. Opcodes are defined based upon filtermatch, learn bits being set, routing bits, destination lookup failure(DLF), station movement, etc;

[0066] Time Stamp—14 bits—The system puts a time stamp in this fieldwhen the packet arrives, with a granularity of 1 μsec.

[0067] The opcode field of the P-channel message defines the type ofmessage currently being sent. While the opcode is currently shown ashaving a width of 2 bits, the opcode field can be widened as desired toaccount for new types of messages as may be defined in the future.Graphically, however, the P-channel message type defined above is shownin FIG. 5.

[0068] An early termination message is used to indicate to CBM 71 thatthe current packet is to be terminated. During operation, as discussedin more detail below, the status bit (S) field in the message is set toindicate the desire to purge the current packet from memory. Also inresponse to the status bit all applicable egress ports would purge thecurrent packet prior to transmission.

[0069] The Src Dest Port field of the P-channel message, as statedabove, define the destination and source port addresses, respectively.Each field is 6 bits wide and therefore allows for the addressing ofsixty-four ports.

[0070] The CRC field of the message is two bits wide and defines CRCactions. Bit 0 of the field provides an indication whether theassociated egress port should append a CRC to the current packet. Anegress port would append a CRC to the current packet when bit 0 of theCRC field is set to a logical one. Bit 1 of the CRC field provides anindication whether the associated egress port should regenerate a CRCfor the current packet. An egress port would regenerate a CRC when bit 1of the CRC field is set to a logical one. The CRC field is only validfor the last cell transmitted as defined by the E bit field of P-channelmessage set to a logical one.

[0071] As with the CRC field, the status bit field (st), the Len field,and the Cell Count field of the message are only valid for the last cellof a packet being transmitted as defined by the E bit field of themessage.

[0072] Last, the time stamp field of the message has a resolution of 1μs and is valid only for the first cell of the packet defined by the Sbit field of the message. A cell is defined as the first cell of areceived packet when the S bit field of the message is set to a logicalone value.

[0073] As is described in more detail below, the C channel 81 and the Pchannel 82 are synchronously tied together such that data on C channel81 is transmitted over the CPS channel 80 while a corresponding Pchannel message is simultaneously transmitted.

[0074] S-Channel or Sideband Channel

[0075] The S channel 83 is a 32-bit wide channel which provides aseparate communication path within the SOC 10. The S channel 83 is usedfor management by CPU 52, SOC 10 internal flow control, and SOC 10inter-module messaging. The S channel 83 is a sideband channel of theCPS channel 80, and is electrically and physically isolated from the Cchannel 81 and the P channel 82. It is important to note that since theS channel is separate and distinct from the C channel 81 and the Pchannel 82, operation of the S channel 83 can continue withoutperformance degradation related to the C channel 81 and P channel 82operation. Conversely, since the C channel is not used for thetransmission of system messages, but rather only data, there is nooverhead associated with the C channel 81 and, thus, the C channel 81 isable to free-run as needed to handle incoming and outgoing packetinformation.

[0076] The S channel 83 of CPS channel 80 provides a system widecommunication path for transmitting system messages, for example,providing the CPU 52 with access to the control structure of the SOC 10.System messages include port status information, including port linkstatus, receive port full, and port statistics, ARL table 22synchronization, CPU 52 access to GBP 60 and CBP 50 memory buffers andSOC 10 control registers, and memory full notification corresponding toGBP 60 and/or CBP 50.

[0077]FIG. 6 illustrates a message format for an S channel message on Schannel 83. The message is formed of four 32-bit words; the bits of thefields of the words are defined as follows:

[0078] Opcode—6 bits long—Identifies the type of message present on theS channel;

[0079] Dest Port—6 bits long—Defines the port number to which thecurrent S channel message is addressed;

[0080] Src Port—6 bits long—Defines the port number of which the currentS channel message originated;

[0081] COS—3 bits long—Defines the class of service associated with thecurrent S channel message; and

[0082] C bit—1 bit long—Logically defines whether the current S channelmessage is intended for the CPU 52.

[0083] Error Code—2 bits long—Defines a valid error when the E bit isset;

[0084] DataLen—7 bits long—Defines the total number of data bytes in theData field;

[0085] E bit—1 bit long—Logically indicates whether an error hasoccurred in the execution of the current command as defined by opcode;

[0086] Address—32 bits long—Defines the memory address associated withthe current command as defined in opcode;

[0087] Data—0-127 bits long—Contains the data associated with thecurrent opcode.

[0088] With the configuration of CPS channel 80 as explained above, thedecoupling of the S channel from the C channel and the P channel is suchthat the bandwidth on the C channel can be preserved for cell transfer,and that overloading of the C channel does not affect communications onthe sideband channel.

[0089] SOC Operation

[0090] The configuration of the SOC 10 supports fast ethernet ports,gigabit ports, and extendible interconnect links as discussed above. TheSOC configuration can also be “stacked”, thereby enabling significantport expansion capability. Once data packets have been received by SOC10, sliced into cells, and placed on CPS channel 80, stacked SOC modulescan interface with the CPS channel and monitor the channel, and extractappropriate information as necessary. As will be discussed below, asignificant amount of concurrent lookups and filtering occurs as thepacket comes in to ingress submodule 14 of an EPIC 20 or GPIC 30, withrespect to layer two and layer three lookups, and fast filtering.

[0091] Now referring to FIGS. 8 and 9, the handling of a data packet isdescribed. For explanation purposes, ethernet data to be received willconsider to arrive at one of the ports 24 a of EPIC 20 a. It will bepresumed that the packet is intended to be transmitted to a user on oneof ports 24 c of EPIC 20 c. All EPICs 20 (20 a, 20 b, 20 c, etc.) havesimilar features and functions, and each individually operate based onpacket flow.

[0092] An input data packet 112 is applied to the port 24 a is shown.The data packet 112 is, in this example, defined per the currentstandards for 10/100 Mbps Ethernet transmission and may have any lengthor structure as defined by that standard. This discussion will assumethe length of the data packet 112 to be 1024 bits or 128 bytes.

[0093] When the data packet 112 is received by the EPIC module 20 a, aningress sub-module 14 a, as an ingress function, determines thedestination of the packet 112. The first 64 bytes of the data packet 112is buffered by the ingress sub-module 14 a and compared to data storedin the lookup tables 21 a to determine the destination port 24 c. Alsoas an ingress function, the ingress sub-module 14 a slices the datapacket 112 into a number of 64-byte cells; in this case, the 128 bytepacket is sliced in two 64 byte cells 112 a and 112 b. While the datapacket 112 is shown in this example to be exactly two 64-byte cells 112a and 112 b, an actual incoming data packet may include any number ofcells, with at least one cell of a length less than 64 bytes. Paddingbytes are used to fill the cell. In such cases the ingress sub-module 14a disregards the padding bytes within the cell. Further discussions ofpacket handling will refer to packet 112 and/or cells 112 a and 112 b.

[0094] It should be noted that each EPIC 20 (as well as each GPIC 30)has an ingress submodule 14 and egress submodule 16, which provide portspecific ingress and egress functions. All incoming packet processingoccurs in ingress submodule 14, and features such as the fast filteringprocessor, layer two (L2) and layer three (L3) lookups, layer twolearning, both self-initiated and CPU 52 initiated, layer two tablemanagement, layer two switching, packet slicing, and channel dispatchingoccurs in ingress submodule 14. After lookups, fast filter processing,and slicing into cells, as noted above and as will be discussed below,the packet is placed from ingress submodule 14 into dispatch unit 18,and then placed onto CPS channel 80 and memory management is handled byPMMU 70. A number of ingress buffers are provided in dispatch unit 18 toensure proper handling of the packets/cells. Once the cells orcellularized packets are placed onto the CPS channel 80, the ingresssubmodule is finished with the packet. The ingress is not involved withdynamic memory allocation, or the specific path the cells will taketoward the destination. Egress submodule 16, illustrated in FIG. 8 assubmodule 16 a of EPIC 20 a, monitors CPS channel 80 and continuouslylooks for cells destined for a port of that particular EPIC 20. When thePMMU 70 receives a signal that an egress associated with a destinationof a packet in memory is ready to receive cells, PMMU 70 pulls the cellsassociated with the packet out of the memory, as will be discussedbelow, and places the cells on CPS channel 80, destined for theappropriate egress submodule. A FIFO in the egress submodule 16continuously sends a signal onto the CPS channel 80 that it is ready toreceive packets, when there is room in the FIFO for packets or cells tobe received. As noted previously, the CPS channel 80 is configured tohandle cells, but cells of a particular packet are always handledtogether to avoid corrupting of packets.

[0095] In order to overcome data flow degradation problems associatedwith overhead usage of the C channel 81, all L2 learning and L2 tablemanagement is achieved through the use of the S channel 83. L2self-initiated learning is achieved by deciphering the source address ofa user at a given ingress port 24 utilizing the packet's associatedaddress. Once the identity of the user at the ingress port 24 isdetermined, the ARL/L3 tables 21 a are updated to reflect the useridentification. The ARL/L3 tables 21 of each other EPIC 20 and GPIC 30are updated to reflect the newly acquired user identification in asynchronizing step, as will be discussed below. As a result, while theingress of EPIC 20 a may determine that a given user is at a given port24 a, the egress of EPIC 20 b, whose table 21 b has been updated withthe user's identification at port 24 a, can then provide information tothe User at port 24 a without re-learning which port the user wasconnected.

[0096] Table management may also be achieved through the use of the CPU52. CPU 52, via the CMIC 40, can provide the SOC 10 with softwarefunctions which result in the designation of the identification of auser at a given port 24. As discussed above, it is undesirable for theCPU 52 to access the packet information in its entirety since this wouldlead to performance degradation. Rather, the SOC 10 is programmed by theCPU 52 with identification information concerning the user. The SOC 10can maintain real-time data flow since the table data communicationbetween the CPU 52 and the SOC 10 occurs exclusively on the S channel83. While the SOC 10 can provide the CPU 52 with direct packetinformation via the C channel 81, such a system setup is undesirable forthe reasons set forth above. As stated above, as an ingress function anaddress resolution lookup is performed by examining the ARL table 21 a.If the packet is addressed to one of the layer three (L3) switches ofthe SOC 10, then the ingress sub-module 14 a performs the L3 and defaulttable lookup. Once the destination port has been determined, the EPIC 20a sets a ready flag in the dispatch unit 18 a which then arbitrates forC channel 81.

[0097] The C channel 81 arbitration scheme, as discussed previously andas illustrated in FIGS. 4A and 4B, is Demand Priority Round-Robin. EachI/O module, EPIC 20, GPIC 30, and CMIC 40, along with the PMMU 70, caninitiate a request for C channel access. If no requests exist at any onegiven time, a default module established with a high priority getscomplete access to the C channel 81. If any one single I/O module or thePMMU 70 requests C channel 81 access, that single module gains access tothe C channel 81 on-demand.

[0098] If EPIC modules 20 a, 20 b, 20 c, and GPIC modules 30 a and 30 b,and CMIC 40 simultaneously request C channel access, then access isgranted in round-robin fashion. For a given arbitration time period eachof the I/O modules would be provided access to the C channel 81. Forexample, each GPIC module 30 a and 30 b would be granted access,followed by the EPIC modules, and finally the CMIC 40. After everyarbitration time period the next I/O module with a valid request wouldbe given access to the C channel 81. This pattern would continue as longas each of the I/O modules provide an active C channel 81 accessrequest.

[0099] If all the I/O modules, including the PMMU 70, request C channel81 access, the PMMU 70 is granted access as shown in FIG. 4B since thePMMU provides a critical data path for all modules on the switch. Upongaining access to the channel 81, the dispatch unit 18 a proceeds inpassing the received packet 112, one cell at a time, to C channel 81.

[0100] Referring again to FIG. 3, the individual C, P, and S channels ofthe CPS channel 80 are shown. Once the dispatch unit 18 a has been givenpermission to access the CPS channel 80, during the first time periodCn0, the dispatch unit 18 a places the first 16 bytes of the first cell112 a of the received packet 112 on the C channel 81. Concurrently, thedispatch unit 18 a places the first P channel message corresponding tothe currently transmitted cell. As stated above, the first P channelmessage defines, among other things, the message type. Therefore, thisexample is such that the first P channel message would define thecurrent cell as being a unicast type message to be directed to thedestination egress port 21 c.

[0101] During the second clock cycle Cn1, the second 16 bytes (16:31) ofthe currently transmitted data cell 112 a are placed on the C channel81. Likewise, during the second clock cycle Cn1, the Bc/Mc Port Bitmapis placed on the P channel 82.

[0102] As indicated by the hatching of the S channel 83 data during thetime periods Cn0 to Cn3 in FIG. 3, the operation of the S channel 83 isdecoupled from the operation of the C channel 81 and the P channel 82.For example, the CPU 52, via the CMIC 40, can pass system level messagesto non-active modules while an active module passes cells on the Cchannel 81. As previously stated, this is an important aspect of the SOC10 since the S channel operation allows parallel task processing,permitting the transmission of cell data on the C channel 81 inreal-time. Once the first cell 112 a of the incoming packet 112 isplaced on the CPS channel 80 the PMMU 70 determines whether the cell isto be transmitted to an egress port 21 local to the SOC 10.

[0103] If the PMMU 70 determines that the current cell 112 a on the Cchannel 81 is destined for an egress port of the SOC 10, the PMMU 70takes control of the cell data flow.

[0104]FIG. 10 illustrates, in more detail, the functional egress aspectsof PMMU 70. PMMU 70 includes CBM 71, and interfaces between the GBP, CBPand a plurality of egress managers (EgM) 76 of egress submodule 18, withone egress manager 76 being provided for each egress port. CBM 71 isconnected to each egress manager 76, in a parallel configuration, via Rchannel data bus 77. R channel data bus 77 is a 32-bit wide bus used byCBM 71 and egress managers 76 in the transmission of memory pointers andsystem messages. Each egress manager 76 is also connected to CPS channel80, for the transfer of data cells 112 a and 112 b.

[0105] CBM 71, in summary, performs the functions of on-chip FAP (freeaddress pool) management, transfer of cells to CBP 50, packet assemblyand notification to the respective egress managers, rerouting of packetsto GBP 60 via a global buffer manager, as well as handling packet flowfrom the GBP 60 to CBP 50. Memory clean up, memory budget management,channel interface, and cell pointer assignment are also functions of CBM71. With respect to the free address pool, CBM 71 manages the freeaddress pool and assigns free cell pointers to incoming cells. The freeaddress pool is also written back by CBM 71, such that the released cellpointers from various egress managers 76 are appropriately cleared.Assuming that there is enough space available in CBP 50, and enough freeaddress pointers available, CBM 71 maintains at least two cell pointersper egress manager 76 which is being managed. The first cell of a packetarrives at an egress manager 76, and CBM 71 writes this cell to the CBMmemory allocation at the address pointed to by the first pointer. In thenext cell header field, the second pointer is written. The format of thecell as stored in CBP 50 is shown in FIG. 11; each line is 18 byteswide. Line 0 contains appropriate information with respect to first celland last cell information, broadcast/multicast, number of egress portsfor broadcast or multicast, cell length regarding the number of validbytes in the cell, the next cell pointer, total cell count in thepacket, and time stamp. The remaining lines contain cell data as 64 bytecells. The free address pool within PMMU 70 stores all free pointers forCBP 50. Each pointer in the free address pool points to a 64-byte cellin CBP 50; the actual cell stored in the CBP is a total of 72 bytes,with 64 bytes being byte data, and 8 bytes of control information.Functions such as HOL blocking high and low watermarks, out queue budgetregisters, CPID assignment, and other functions are handled in CBM 71,as explained herein.

[0106] When PMMU 70 determines that cell 112 a is destined for anappropriate egress port on SOC 10, PMMU 70 controls the cell flow fromCPS channel 80 to CBP 50. As the data packet 112 is received at PMMU 70from CPS 80, CBM 71 determines whether or not sufficient memory isavailable in CBP 50 for the data packet 112. A free address pool (notshown) can provide storage for at least two cell pointers per egressmanager 76, per class of service. If sufficient memory is available inCBP 50 for storage and identification of the incoming data packet, CBM71 places the data cell information on CPS channel 80. The data cellinformation is provided by CBM 71 to CBP 50 at the assigned address. Asnew cells are received by PMMU 70, CBM 71 assigns cell pointers. Theinitial pointer for the first cell 112 a points to the egress manager 76which corresponds to the egress port to which the data packet 112 willbe sent after it is placed in memory. In the example of FIG. 8, packetscome in to port 24 a of EPIC 20 a, and are destined for port 24 c ofEPIC 20 c. For each additional cell 112 b, CBM 71 assigns acorresponding pointer. This corresponding cell pointer is stored as atwo byte or 16 bit value NC_header, in an appropriate place on a controlmessage, with the initial pointer to the corresponding egress manager76, and successive cell pointers as part of each cell header, a linkedlist of memory pointers is formed which defines packet 112 when thepacket is transmitted via the appropriate egress port, in this case 24c. Once the packet is fully written into CBP 50, a corresponding CBPPacket Identifier (CPID) is provided to the appropriate egress manager76; this CPID points to the memory location of initial cell 112 a. TheCPID for the data packet is then used when the data packet 112 is sentto the destination egress port 24 c. In actuality, the CBM 71 maintainstwo buffers containing a CBP cell pointer, with admission to the CBPbeing based upon a number of factors. An example of admission logic forCBP 50 will be discussed below with reference to FIG. 12.

[0107] Since CBM 71 controls data flow within SOC 10, the data flowassociated with any ingress port can likewise be controlled. When packet112 has been received and stored in CBP 50, a CPID is provided to theassociated egress manager 76. The total number of data cells associatedwith the data packet is stored in a budget register (not shown). As moredata packets 112 are received and designated to be sent to the sameegress manager 76, the value of the budget register corresponding to theassociated egress manager 76 is incremented by the number of data cells112 a, 112 b of the new data cells received. The budget registertherefore dynamically represents the total number of cells designated tobe sent by any specific egress port on an EPIC 20. CBM 71 controls theinflow of additional data packets by comparing the budget register to ahigh watermark register value or a low watermark register value, for thesame egress.

[0108] When the value of the budget register exceeds the high watermarkvalue, the associated ingress port is disabled. Similarly, when datacells of an egress manager 76 are sent via the egress port, and thecorresponding budget register decreases to a value below the lowwatermark value, the ingress port is once again enabled. When egressmanager 76 initiates the transmission of packet 112, egress manager 76notifies CBM 71, which then decrements the budget register value by thenumber of data cells which are transmitted. The specific high watermarkvalues and low watermark values can be programmed by the user via CPU52. This gives the user control over the data flow of any port on anyEPIC 20 or GPIC 30.

[0109] Egress manager 76 is also capable of controlling data flow. Eachegress manager 76 is provided with the capability to keep track ofpacket identification information in a packet pointer budget register;as a new pointer is received by egress manager 76, the associated packetpointer budget register is incremented. As egress manager 76 sends out adata packet 112, the packet pointer budget register is decremented. Whena storage limit assigned to the register is reached, corresponding to afull packet identification pool, a notification message is sent to allingress ports of the SOC 10, indicating that the destination egress portcontrolled by that egress manager 76 is unavailable. When the packetpointer budget register is decremented below the packet pool highwatermark value, a notification message is sent that the destinationegress port is now available. The notification messages are sent by CBM71 on the S channel 83.

[0110] As noted previously, flow control may be provided by CBM 71, andalso by ingress submodule 14 of either an EPIC 20 or GPIC 30. Ingresssubmodule 14 monitors cell transmission into ingress port 24. When adata packet 112 is received at an ingress port 24, the ingress submodule14 increments a received budget register by the cell count of theincoming data packet. When a data packet 112 is sent, the correspondingingress 14 decrements the received budget register by the cell count ofthe outgoing data packet 112. The budget register 72 is decremented byingress 14 in response to a decrement cell count message initiated byCBM 71, when a data packet 112 is successfully transmitted from CBP 50.

[0111] Efficient handling of the CBP and GBP is necessary in order tomaximize throughput, to prevent port starvation, and to prevent portunderrun. For every ingress, there is a low watermark and a highwatermark; if cell count is below the low watermark, the packet isadmitted to the CBP, thereby preventing port starvation by giving theport an appropriate share of CBP space.

[0112]FIG. 12 generally illustrates the handling of a data packet 112when it is received at an appropriate ingress port. This figureillustrates dynamic memory allocation on a single port, and isapplicable for each ingress port. In step 12-1, packet length isestimated by estimating cell count based upon egress manager count plusincoming cell count. After this cell count is estimated, the GBP currentcell count is checked at step 12-2 to determine whether or not the GBP60 is empty. If the GBP cell count is 0, indicating that GBP 60 isempty, the method proceeds to step 12-3, where it is determined whetheror not the estimated cell count from step 12-1 is less than theadmission low watermark. The admission low watermark value enables thereception of new packets 112 into CBP 50 if the total number of cells inthe associated egress is below the admission low watermark value. Ifyes, therefore, the packet is admitted at step 12-5. If the estimatedcell count is not below the admission low watermark, CBM 71 thenarbitrates for CBP memory allocation with other ingress ports of otherEPICs and GPICs, in step 12-4. If the arbitration is unsuccessful, theincoming packet is sent to a reroute process, referred to as A. If thearbitration is successful, then the packet is admitted to the CBP atstep 12-5. Admission to the CBP is necessary for linespeed communicationto occur.

[0113] The above discussion is directed to a situation wherein the GBPcell count is determined to be 0. If in step 12-2 the GBP cell count isdetermined not to be 0, then the method proceeds to step 12-6, where theestimated cell count determined in step 12-1 is compared to theadmission high watermark. If the answer is no, the packet is rerouted toGBP 60 at step 12-7. If the answer is yes, the estimated cell count isthen compared to the admission low watermark at step 12-8. If the answeris no, which means that the estimated cell count is between the highwatermark and the low watermark, then the packet is rerouted to GBP 60at step 12-7. If the estimated cell count is below the admission lowwatermark, the GBP current count is compared with a reroute cell limitvalue at step 12-9. This reroute cell limit value is user programmablethrough CPU 52. If the GBP count is below or equal to the reroute celllimit value at step 12-9, the estimated cell count and GBP count arecompared with an estimated cell count low watermark; if the combinationof estimated cell count and GBP count are less than the estimated cellcount low watermark, the packet is admitted to the CBP. If the sum isgreater than the estimated cell count low watermark, then the packet isrerouted to GBP 60 at step 12-7. After rerouting to GBP 60, the GBP cellcount is updated, and the packet processing is finished. It should benoted that if both the CBP and the GBP are full, the packet is dropped.Dropped packets are handled in accordance with known ethernet or networkcommunication procedures, and have the effect of delaying communication.However, this configuration applies appropriate back pressure by settingwatermarks, through CPU 52, to appropriate buffer values on a per portbasis to maximize memory utilization. This CBP/GBP admission logicresults in a distributed hierarchical shared memory configuration, witha hierarchy between CBP 50 and GBP 60, and hierarchies within the CBP.

[0114] Address Resolution (L2)+(L3)

[0115]FIG. 14 illustrates some of the concurrent filtering and look-updetails of a packet coming into the ingress side of an EPIC 20. FIG. 12,as discussed previously, illustrates the handling of a data packet withrespect to admission into the distributed hierarchical shared memory.FIG. 14 addresses the application of filtering, address resolution, andrules application segments of SOC 10. These functions are performedsimultaneously with respect to the CBP admission discussed above. Asshown in the figure, packet 112 is received at input port 24 of EPIC 20.It is then directed to input FIFO 142. As soon as the first sixteenbytes of the packet arrive in the input FIFO 142, an address resolutionrequest is sent to ARL engine 143; this initiates lookup in ARL/L3tables 21.

[0116] A description of the fields of an ARL table of ARL/L3 tables 21is as follows:

[0117] Mac Address—48 bits long—Mac Address;

[0118] VLAN tag—12 bits long—VLAN Tag Identifier as described in IEEE802.1q standard for tagged packets. For an untagged Packet, this valueis picked up from Port Based VLAN Table.

[0119] CosDst—3 bits long—Class of Service based on the DestinationAddress. COS identifies the priority of this packet. 8 levels ofpriorities as described in IEEE 802.1p standard.

[0120] Port Number—6 bits long—Port Number is the port on which this Macaddress is learned.

[0121] SD_Disc Bits—2 bits long—These bits identifies whether the packetshould be discarded based on Source Address or Destination Address.Value 1 means discard on source. Value 2 means discard on destination.

[0122] C bit—1 bit long—C Bit identifies that the packet should be givento CPU Port.

[0123] St Bit—1 bit long—St Bit identifies that this is a static entry(it is not learned Dynamically) and that means is should not be agedout. Only CPU 52 can delete this entry.

[0124] Ht Bit—1 bit long—Hit Bit—This bit is set if there is match withthe Source Address. It is used in the aging Mechanism.

[0125] CosSrc—3 bits long—Class of Service based on the Source Address.COS identifies the priority of this packet.

[0126] L3 Bit—1 bit long—L3 Bit—identifies that this entry is created asresult of L3 Interface Configuration. The Mac address in this entry isL3 interface Mac Address and that any Packet addresses to this MacAddress need to be routed.

[0127] T Bit—1 bit long—T Bit identifies that this Mac address islearned from one of the Trunk Ports. If there is a match on Destinationaddress then output port is not decided on the Port Number in thisentry, but is decided by the Trunk Identification Process based on therules identified by the RTAG bits and the Trunk group Identified by theTGID.

[0128] TGID—3 bits long—TGID identifies the Trunk Group if the T Bit isset. SOC 10 supports 6 Trunk Groups per switch.

[0129] RTAG—3 bits long—RTAG identifies the Trunk selection criterion ifthe destination address matches this entry and the T bit is set in thatentry. Value 1—based on Source Mac Address. Value 2—based on DestinationMac Address. Value 3—based on Source & destination Address. Value4—based on Source IP Address. Value 5—based on Destination IP Address.Value 6—based on Source and Destination IP Address.

[0130] S C P—1 bit long—Source CoS Priority Bit—If this bit is set (inthe matched Source Mac Entry) then Source CoS has priority overDestination Cos.

[0131] It should also be noted that VLAN tables 23 include a number oftable formats; all of the tables and table formats will not be discussedhere.

[0132] However, as an example, the port based VLAN table fields aredescribed as follows:

[0133] Port VLAN Id—12 bits long—Port VLAN Identifier is the VLAN Idused by Port Based VLAN.

[0134] Sp State—2 bits long—This field identifies the current SpanningTree State. Value 0x00—Port is in Disable State. No packets are acceptedin this state, not even BPDUs. Value 0x01—Port is in Blocking orListening State. In this state no packets are accepted by the port,except BPDUs. Value 0x02—Port is in Learning State. In this state thepackets are not forwarded to another Port but are accepted for learning.Value 0x03—Port is in Forwarding State. In this state the packets areaccepted both for learning and forwarding.

[0135] Port Discard Bits—6 bits long—There are 6 bits in this field andeach bit identifies the criterion to discard the packets coming in thisport. Note: Bits 0 to 3 are not used. Bit 4—If this bit is set then allthe frames coming on this port will be discarded. Bit 5—If this bit isset then any 802.1q Priority Tagged (vid=0) and Untagged frame coming onthis port will be discarded.

[0136] J Bit—1 bit long—J Bit means Jumbo bit. If this bit is set thenthis port should accept Jumbo Frames.

[0137] RTAG—3 bits long—RTAG identifies the Trunk selection criterion ifthe destination address matches this entry and the T bit is set in thatentry. Value 1—based on Source Mac Address. Value 2—based on DestinationMac Address. Value 3—based on Source & destination Address. Value4—based on Source IP Address. Value 5—based on Destination IP Address.Value 6—based on Source and Destination IP Address.

[0138] T Bit—1 bit long—This bit identifies that the Port is a member ofthe Trunk Group.

[0139] C Learn Bit—1 bit long—Cpu Learn Bit—If this bit is set then thepacket is send to the CPU whenever the source Address is learned.

[0140] PT—2 bits long—Port Type identifies the port Type. Value 0-10Mbit Port. Value 1-100 Mbit Port. Value 2-1 Gbit Port. Value 3-CPU Port.

[0141] VLAN Port Bitmap—28 bits long—VLAN Port Bitmap Identifies all theegress ports on which the packet should go out.

[0142] B Bit—1 bit long—B bit is BPDU bit. If this bit is set then thePort rejects BPDUs. This Bit is set for Trunk Ports which are notsupposed to accept BPDUs.

[0143] TGID—3 bits long—TGID—this field identifies the Trunk Group whichthis port belongs to.

[0144] Untagged Bitmap—28 bits long—This bitmap identifies the UntaggedMembers of the VLAN. i.e. if the frame destined out of these membersports should be transmitted without Tag Header.

[0145] M Bits—1 bit long—M Bit is used for Mirroring Functionality. Ifthis bit is set then mirroring on Ingress is enabled.

[0146] The ARL engine 143 reads the packet; if the packet has a VLAN tagaccording to IEEE Standard 802.1q, then ARL engine 143 performs alook-up based upon tagged VLAN table 231, which is part of VLAN table23. If the packet does not contain this tag, then the ARL engineperforms VLAN lookup based upon the port based VLAN table 232. Once theVLAN is identified for the incoming packet, ARL engine 143 performs anARL table search based upon the source MAC address and the destinationMAC address. If the results of the destination search is an L3 interfaceMAC address, then an L3 search is performed of an L3 table within ARL/L3table 21. If the L3 search is successful, then the packet is modifiedaccording to packet routing rules. To better understand lookups,learning, and switching, it may be advisable to once again discuss thehandling of packet 112 with respect to FIG. 8. If data packet 112 issent from a source station A into port 24 a of EPIC 20 a, and destinedfor a destination station B on port 24 c of EPIC 20 c, ingress submodule14 a slices data packet 112 into cells 112 a and 112 b. The ingresssubmodule then reads the packet to determine the source MAC address andthe destination MAC address. As discussed previously, ingress submodule14 a, in particular ARL engine 143, performs the lookup of appropriatetables within ARL/L3 tables 21 a, and VLAN table 23 a, to see if thedestination MAC address exists in ARL/L3 tables 21 a; if the address isnot found, but if the VLAN IDs are the same for the source anddestination, then ingress submodule 14 a will set the packet to be sentto all ports. The packet will then propagate to the appropriatedestination address. A “source search” and a “destination search” occursin parallel. Concurrently, the source MAC address of the incoming packetis “learned”, and therefore added to an ARL table within ARL/L3 table 21a. After the packet is received by the destination, an acknowledgementis sent by destination station B to source station A. Since the sourceMAC address of the incoming packet is learned by the appropriate tableof B, the acknowledgement is appropriately sent to the port on which Ais located. When the acknowledgement is received at port 24 a,therefore, the ARL table learns the source MAC address of B from theacknowledgement packet. It should be noted that as long as the VLAN IDs(for tagged packets) of source MAC addresses and destination MACaddresses are the same, layer two switching as discussed above isperformed. L2 switching and lookup is therefore based on the first 16bytes of an incoming packet. For untagged packets, the port number fieldin the packet is indexed to the port-based VLAN table within VLAN table23 a, and the VLAN ID can then be determined. If the VLAN IDs aredifferent, however, L3 switching is necessary wherein the packets aresent to a different VLAN. L3 switching, however, is based on the IPheader field of the packet. The IP header includes source IP address,destination IP address, and TTL (time-to-live).

[0147] In order to more clearly understand layer three switchingaccording to the invention, data packet 112 is sent from source stationA onto port 24 a of EPIC 20 a, and is directed to destination station B;assume, however, that station B is disposed on a different VLAN, asevidenced by the source MAC address and the destination MAC addresshaving differing VLAN IDs. The lookup for B would be unsuccessful sinceB is located on a different VLAN, and merely sending the packet to allports on the VLAN would result in B never receiving the packet. Layerthree switching, therefore, enables the bridging of VLAN boundaries, butrequires reading of more packet information than just the MAC addressesof L2 switching. In addition to reading the source and destination MACaddresses, therefore, ingress 14 a also reads the IP address of thesource and destination. As noted previously, packet types are defined byIEEE and other standards, and are known in the art. By reading the IPaddress of the destination, SOC 10 is able to target the packet to anappropriate router interface which is consistent with the destination IPaddress. Packet 112 is therefore sent on to CPS channel 80 throughdispatch unit 18 a, destined for an appropriate router interface (notshown, and not part of SOC 10), upon which destination B is located.Control frames, identified as such by their destination address, aresent to CPU 52 via CMIC 40. The destination MAC address, therefore, isthe router MAC address for B. The router MAC address is learned throughthe assistance of CPU 52, which uses an ARP (address resolutionprotocol) request to request the destination MAC address for the routerfor B, based upon the IP address of B. Through the use of the IPaddress, therefore, SOC 10 can learn the MAC address. Through theacknowledgement and learning process, however, it is only the firstpacket that is subject to this “slow” handling because of theinvolvement of CPU 52. After the appropriate MAC addresses are learned,linespeed switching can occur through the use of concurrent tablelookups since the necessary information will be learned by the tables.Implementing the tables in silicon as two-dimensional arrays enablessuch rapid concurrent lookups. Once the MAC address for B has beenlearned, therefore, when packets come in with the IP address for B,ingress 14 a changes the IP address to the destination MAC address, inorder to enable linespeed switching. Also, the source address of theincoming packet is changed to the router MAC address for A rather thanthe IP address for A, so that the acknowledgement from B to A can behandled in a fast manner without needing to utilize a CPU on thedestination end in order to identify the source MAC address to be thedestination for the acknowledgement. Additionally, a TTL (time-to-live)field in the packet is appropriately manipulated in accordance with theIETF (Internet Engineering Task Force) standard. A unique aspect of SOC10 is that all of the switching, packet processing, and table lookupsare performed in hardware, rather than requiring CPU 52 or another CPUto spend time processing instructions. It should be noted that the layerthree tables for EPIC 20 can have varying sizes; in a preferredembodiment, these tables are capable of holding up to 2000 addresses,and are subject to purging and deletion of aged addresses, as explainedherein.

[0148] Referring again to the discussion of FIG. 14, as soon as thefirst 64 (sixty four) bytes of the packet arrive in input FIFO 142, afiltering request is sent to FFP 141. FFP 141 is an extensive filteringmechanism which enables SOC 10 to set inclusive and exclusive filters onany field of a packet from layer 2 to layer 7 of the OSI seven layermodel. Filters are used for packet classification based upon a protocolfields in the packets. Various actions are taken based upon the packetclassification, including packet discard, sending of the packet to theCPU, sending of the packet to other ports, sending the packet on certainCOS priority queues, changing the type of service (TOS) precedence. Theexclusive filter is primarily used for implementing security features,and allows a packet to proceed only if there is a filter match. If thereis no match, the packet is discarded.

[0149] It should be noted that SOC 10 has a unique capability to handleboth tagged and untagged packets coming in. Tagged packets are tagged inaccordance with IEEE standards, and include a specific 802.1p priorityfield for the packet. Untagged packets, however, do not include an802.1p priority field therein. SOC 10 can assign an appropriate COSvalue for the packet, which can be considered to be equivalent to aweighted priority, based either upon the destination address or thesource address of the packet, as matched in one of the table lookups. Asnoted in the ARL table format discussed herein, an SCP (Source COSPriority) bit is contained as one of the fields of the table. When thisSCP bit is set, then SOC 10 will assign weighted priority based upon asource COS value in the ARL table. If the SCP is not set, then SOC 10will assign a COS for the packet based upon the destination COS field inthe ARL table. These COS values are three bit fields in the ARL table,as noted previously in the ARL table field descriptions.

[0150] FFP 141 is essentially a state machine driven programmable rulesengine. The filters used by the FFP are 64 (sixty-four) bytes wide, andare applied on an incoming packet; any offset can be used, however, apreferred embodiment uses an offset of zero, and therefore operates onthe first 64 bytes, or 512 bits, of a packet. The actions taken by thefilter are tag insertion, priority mapping, TOS tag insertion, sendingof the packet to the CPU, dropping of the packet, forwarding of thepacket to an egress port, and sending the packet to a mirrored port. Thefilters utilized by FFP 141 are defined by rules table 22. Rules table22 is completely programmable by CPU 52, through CMIC 40. The rulestable can be, for example, 256 entries deep, and may be partitioned forinclusive and exclusive filters, with, again as an example, 128 entriesfor inclusive filters and 128 entries for exclusive filters. A filterdatabase, within FFP 141, includes a number of inclusive mask registersand exclusive mask registers, such that the filters are formed basedupon the rules in rules table 22, and the filters therefore essentiallyform a 64 byte wide mask or bit map which is applied on the incomingpacket. If the filter is designated as an exclusive filter, the filterwill exclude all packets unless there is a match. In other words, theexclusive filter allows a packet to go through the forwarding processonly if there is a filter match. If there is no filter match, the packetis dropped. In an inclusive filter, if there is no match, no action istaken but the packet is not dropped. Action on an exclusive filterrequires an exact match of all filter fields. If there is an exact matchwith an exclusive filter, therefore, action is taken as specified in theaction field; the actions which may be taken, are discussed above. Ifthere is no full match or exact of all of the filter fields, but thereis a partial match, then the packet is dropped. A partial match isdefined as either a match on the ingress field, egress field, or filterselect fields. If there is neither a full match nor a partial match withthe packet and the exclusive filter, then no action is taken and thepacket proceeds through the forwarding process. The FFP configuration,taking action based upon the first 64 bytes of a packet, enhances thehandling of real time traffic since packets can be filtered and actioncan be taken on the fly. Without an FFP according to the invention, thepacket would need to be transferred to the CPU for appropriate action tobe interpreted and taken. For inclusive filters, if there is a filtermatch, action is taken, and if there is no filter match, no action istaken; however, packets are not dropped based on a match or no matchsituation for inclusive filters.

[0151] In summary, the FFP includes a filter database with eight sets ofinclusive filters and eight sets of exclusive filters, as separatefilter masks. As a packet comes into the FFP, the filter masks areapplied to the packet; in other words, a logical AND operation isperformed with the mask and the packet. If there is a match, thematching entries are applied to rules tables 22, in order to determinewhich specific actions will be taken. As mentioned previously, theactions include 802.1p tag insertion, 802.1p priority mapping, IP TOS(type-of-service) tag insertion, sending of the packet to the CPU,discarding or dropping of the packet, forwarding the packet to an egressport, and sending the packet to the mirrored port. Since there are alimited number of fields in the rules table, and since particular rulesmust be applied for various types of packets, the rules tablerequirements are minimized in the present invention by the presentinvention setting all incoming packets to be “tagged” packets; alluntagged packets, therefore, are subject to 802.1p tag insertion, inorder to reduce the number of entries which are necessary in the rulestable. This action eliminates the need for entries regarding handling ofuntagged packets. It should be noted that specific packet types aredefined by various IEEE and other networking standards, and will not bedefined herein.

[0152] As noted previously, exclusive filters are defined in the rulestable as filters which exclude packets for which there is no match;excluded packets are dropped. With inclusive filters, however, packetsare not dropped in any circumstances. If there is a match, action istaken as discussed above; if there is no match, no action is taken andthe packet proceeds through the forwarding process. Referring to FIG.15, FFP, 141 is shown to include filter database 1410 containing filtermasks therein, communicating with logic circuitry 1411 for determiningpacket types and applying appropriate filter masks. After the filtermask is applied as noted above, the result of the application is appliedto rules table 22, for appropriate lookup and action. It should be notedthat the filter masks, rules tables, and logic, while programmable byCPU 52, do not rely upon CPU 52 for the processing and calculationthereof. After programming, a hardware configuration is provided whichenables linespeed filter application and lookup.

[0153] Referring once again to FIG. 14, after FFP 141 appliesappropriate configured filters and results are obtained from theappropriate rules table 22, logic 1411 in FFP 141 determines and takesthe appropriate action. The filtering logic can discard the packet, sendthe packet to the CPU 52, modify the packet header or IP header, andrecalculate any IP checksum fields or takes other appropriate actionwith respect to the headers. The modification occurs at buffer slicer144, and the packet is placed on C channel 81. The control message andmessage header information is applied by the FFP 141 and ARL engine 143,and the message header is placed on P channel 82. Dispatch unit 18, alsogenerally discussed with respect to FIG. 8, coordinates all dispatchesto C channel, P channel and S channel. As noted previously, each EPICmodule 20, GPIC module 30, PMMU 70, etc. are individually configured tocommunicate via the CPS channel. Each module can be independentlymodified, and as long as the CPS channel interfaces are maintained,internal modifications to any modules such as EPIC 20 a should notaffect any other modules such as EPIC 20 b, or any GPICs 30.

[0154] As mentioned previously, FFP 141 is programmed by the user,through CPU 52, based upon the specific functions which are sought to behandled by each FFP 141. Referring to FIG. 17, it can be seen that instep 17-1, an FFP programming step is initiated by the user. Onceprogramming has been initiated, the user identifies the protocol fieldsof the packet which are to be of interest for the filter, in step 17-2.In step 17-3, the packet type and filter conditions are determined, andin step 17-4, a filter mask is constructed based upon the identifiedpacket type, and the desired filter conditions. The filter mask isessentially a bit map which is applied or ANDed with selected fields ofthe packet. After the filter mask is constructed, it is then determinedwhether the filter will be an inclusive or exclusive filter, dependingupon the problems which are sought to be solved, the packets which aresought to be forwarded, actions sought to be taken, etc. In step 17-6,it is determined whether or not the filter is on the ingress port, andin step 17-7, it is determined whether or not the filter is on theegress port. If the filter is on the ingress port, an ingress port maskis used in step 17-8. If it is determined that the filter will be on theegress port, then an egress mask is used in step 17-9. Based upon thesesteps, a rules table entry for rules tables 22 is then constructed, andthe entry or entries are placed into the appropriate rules table (steps17-10 and 17-11). These steps are taken through the user inputtingparticular sets of rules and information into CPU 52 by an appropriateinput device, and CPU 52 taking the appropriate action with respect tocreating the filters, through CMIC 40 and the appropriate ingress oregress submodules on an appropriate EPIC module 20 or GPIC module 30.

[0155] It should also be noted that the block diagram of SOC 10 in FIG.2 illustrates each GPIC 30 having its own ARL/L3 tables 31, rules table32, and VLAN tables 33, and also each EPIC 20 also having its own ARL/L3tables 21, rules table 22, and VLAN tables 23. In a preferred embodimentof the invention, however, two separate modules can share a commonARL/L3 table and a common VLAN table. Each module, however, has its ownrules table 22. For example, therefore, GPIC 30 a may share ARL/L3 table21 a and VLAN table 23 a with EPIC 20 a. Similarly, GPIC 30 b may shareARL table 21 b and VLAN table 23 b with EPIC 20 b. This sharing oftables reduces the number of gates which are required to implement theinvention, and makes for simplified lookup and synchronization as willbe discussed below.

[0156] Table Synchronization and Aging

[0157] SOC 10 utilizes a unique method of table synchronization andaging, to ensure that only current and active address information ismaintained in the tables. When ARL/L3 tables are updated to include anew source address, a “hit bit” is set within the table of the “owner”or obtaining module to indicate that the address has been accessed.Also, when a new address is learned and placed in the ARL table, an Schannel message is placed on S channel 83 as an ARL insert message,instructing all ARL/L3 tables on SOC 10 to learn this new address. Theentry in the ARL/L3 tables includes an identification of the port whichinitially received the packet and learned the address. Therefore, ifEPIC 20 a contains the port which initially received the packet andtherefore which initially learned the address, EPIC 20 a becomes the“owner” of the address. Only EPIC 20 a, therefore, can delete thisaddress from the table. The ARL insert message is received by all of themodules, and the address is added into all of the ARL/L3 tables on SOC10. CMIC 40 will also send the address information to CPU 52. When eachmodule receives and learns the address information, an acknowledge orACK message is sent back to EPIC 20 a; as the owner further ARL insertmessages cannot be sent from EPIC 20 a until all ACK messages have beenreceived from all of the modules. In a preferred embodiment of theinvention, CMIC 40 does not send an ACK message, since CMIC 40 does notinclude ingress/egress modules thereupon, but only communicates with CPU52. If multiple SOC 10 are provided in a stacked configuration, allARL/L3 tables would be synchronized due to the fact that CPS channel 80would be shared throughout the stacked modules.

[0158] Referring to FIG. 18, the ARL aging process is discussed. An agetimer is provided within each EPIC module 20 and GPIC module 30, at step18-1, it is determined whether the age timer has expired. If the timerhas expired, the aging process begins by examining the first entry inARL table 21. At step 18-2, it is determined whether or not the portreferred to in the ARL entry belongs to the particular module. If theanswer is no, the process proceeds to step 18-3, where it is determinedwhether or not this entry is the last entry in the table. If the answeris yes at step 18-3, the age timer is restarted and the process iscompleted at step 18-4. If this is not the last entry in the table, thenthe process is returned to the next ARL entry at step 18-5. If, however,at step 18-2 it is determined that the port does belong to thisparticular module, then, at step 18-6 it is determined whether or notthe hit bit is set, or if this is a static entry. If the hit bit is set,the hit bit is reset at step 18-7, and the method then proceeds to step18-3. If the hit bit is not set, the ARL entry is deleted at step 18-8,and a delete ARL entry message is sent on the CPS channel to the othermodules, including CMIC 40, so that the table can be appropriatelysynchronized as noted above. This aging process can be performed on theARL (layer two) entries, as well as layer three entries, in order toensure that aged packets are appropriately deleted from the tables bythe owners of the entries. As noted previously, the aging process isonly performed on entries where the port referred to belongs to theparticular module which is performing the aging process. To this end,therefore, the hit bit is only set in the owner module. The hit bit isnot set for entries in tables of other modules which receive the ARLinsert message. The hit bit is therefore always set to zero in thesynchronized non-owner tables.

[0159] The purpose of the source and destination searches, and theoverall lookups, is to identify the port number within SOC 10 to whichthe packet should be directed to after it is placed either CBP 50 or GBP60. Of course, a source lookup failure results in learning of the sourcefrom the source MAC address information in the packet; a destinationlookup failure, however, since no port would be identified, results inthe packet being sent to all ports on SOC 10. As long as the destinationVLAN ID is the same as the source VLAN ID, the packet will propagate theVLAN and reach the ultimate destination, at which point anacknowledgement packet will be received, thereby enabling the ARL tableto learn the destination port for use on subsequent packets. If the VLANIDs are different, an L3 lookup and learning process will be performed,as discussed previously. It should be noted that each EPIC and each GPICcontains a FIFO queue to store ARL insert messages, since, although eachmodule can only send one message at a time, if each module sends aninsert message, a queue must be provided for appropriate handling of themessages.

[0160] Port Movement

[0161] After the ARL/L3 tables have entries in them, the situationsometimes arises where a particular user or station may change locationfrom one port to another port. In order to prevent transmission errors,therefore, SOC 10 includes capabilities of identifying such movement,and updating the table entries appropriately. For example, if station A,located for example on port 1, seeks to communicate with station B,whose entries indicate that user B is located on port 26. If station Bis then moved to a different port, for example, port 15, a destinationlookup failure will occur and the packet will be sent to all ports. Whenthe packet is received by station B at port 15, station B will send anacknowledge (ACK) message, which will be received by the ingress of theEPIC/GPIC module containing port 1 thereupon. A source lookup (of theacknowledge message) will yield a match on the source address, but theport information will not match. The EPIC/GPIC which receives the packetfrom B, therefore, must delete the old entry from the ARL/L3 table, andalso send an ARL/L3 delete message onto the S channel so that all tablesare synchronized. Then, the new source information, with the correctport, is inserted into the ARL/L3 table, and an ARL/L3 insert message isplaced on the S channel, thereby synchronizing the ARL/L3 tables withthe new information. The updated ARL insert message cannot be sent untilall of the acknowledgement messages are sent regarding the ARL deletemessage, to ensure proper table synchronization. As stated previously,typical ARL insertion and deletion commands can only be initiated by theowner module. In the case of port movement, however, since port movementmay be identified by any module sending a packet to a moved port, theport movement-related deletion and insertion messages can be initiatedby any module.

[0162] Trunking

[0163] During the configuration process wherein a local area network isconfigured by an administrator with a plurality of switches, etc.,numerous ports can be “trunked” to increase bandwidth. For example, iftraffic between a first switch SW1 and a second switch SW2 isanticipated as being high, the LAN can be configured such that aplurality of ports, for example ports 1 and 2, can be connectedtogether. In a 100 megabits per second environment, the trunking of twoports effectively provides an increased bandwidth of 200 megabits persecond between the two ports. The two ports 1 and 2, are thereforeidentified as a trunk group, and CPU 52 is used to properly configurethe handling of the trunk group. Once a trunk group is identified, it istreated as a plurality of ports acting as one logical port. FIG. 19illustrates a configuration wherein SW1, containing a plurality of portsthereon, has a trunk group with ports 1 and 2 of SW2, with the trunkgroup being two communication lines connecting ports 1 and 2 of each ofSW1 and SW2. This forms trunk group T. In this example, station A,connected to port 3 of SW1, is seeking to communicate or send a packetto station B, located on port 26 of switch SW2. The packet must travel,therefore, through trunk group T from port 3 of SW1 to port 26 of SW2.It should be noted that the trunk group could include any of a number ofports between the switches. As traffic flow increases between SW1 andSW2, trunk group T could be reconfigured by the administrator to includemore ports, thereby effectively increasing bandwidth. In addition toproviding increased bandwidth, trunking provides redundancy in the eventof a failure of one of the links between the switches. Once the trunkgroup is created, a user programs SOC 10 through CPU 52 to recognize theappropriate trunk group or trunk groups, with trunk group identification(TGID) information. A trunk group port bit map is prepared for eachTGID; and a trunk group table, provided for each module on SOC 10, isused to implement the trunk group, which can also be called a portbundle. A trunk group bit map table is also provided. These two tablesare provided on a per module basis, and, like tables 21, 22, and 23, areimplemented in silicon as two-dimensional arrays. In one embodiment ofSOC 10, six trunk groups can be supported, with each trunk group havingup to eight trunk ports thereupon. For communication, however, in orderto prevent out-of-ordering of packets or frames, the same port must beused for packet flow. Identification of which port will be used forcommunication is based upon any of the following: source MAC address,destination MAC address, source IP address, destination IP address, orcombinations of source and destination addresses. If source MAC is usedas an example, if station A on port 3 of SW1 is seeking to send a packetto station B on port 26 of SW2, then the last three bits of the sourceMAC address of station A, which are in the source address field of thepacket, are used to generate a trunk port index. The trunk port index,which is then looked up on the trunk group table by the ingresssubmodule 14 of the particular port on the switch, in order to determinewhich port of the trunk group will be used for the communication. Inother words, when a packet is sought to be sent from station A tostation B, address resolution is conducted as set forth above. If thepacket is to be handled through a trunk group, then a T bit will be setin the ARL entry which is matched by the destination address. If the Tbit or trunk bit is set, then the destination address is learned fromone of the trunk ports. The egress port, therefore, is not learned fromthe port number obtained in the ARL entry, but is instead learned fromthe trunk group ID and rules tag (RTAG) which is picked up from the ARLentry, and which can be used to identify the trunk port based upon thetrunk port index contained in the trunk group table. The RTAG and TGIDwhich are contained in the ARL entry therefore define which part of thepacket is used to generate the trunk port index. For example, if theRTAG value is 1, then the last three bits of the source MAC address areused to identify the trunk port index; using the trunk group table, thetrunk port index can then be used to identify the appropriate trunk portfor communication. If the RTAG value is 2, then it is the last threebits of the destination MAC address which are used to generate the trunkport index. If the RTAG is 3, then the last three bits of the source MACaddress are XORED with the last three bits of the destination MACaddress. The result of this operation is used to generate the trunk portindex. For IP packets, additional RTAG values are used so that thesource IP and destination IP addresses are used for the trunk portindex, rather than the MAC addresses.

[0164] SOC 10 is configured such that if a trunk port goes down or failsfor any reason, notification is sent through CMIC 40 to CPU 52. CPU 52is then configured to automatically review the trunk group table, andVLAN tables to make sure that the appropriate port bit maps are changedto reflect the fact that a port has gone down and is therefore removed.Similarly, when the trunk port or link is reestablished, the process hasto be reversed and a message must be sent to CPU 52 so that the VLANtables, trunk group tables, etc. can be updated to reflect the presenceof the trunk port.

[0165] Furthermore, it should be noted that since the trunk group istreated as a single logical link, the trunk group is configured toaccept control frames or control packets, also known as BPDUs, only oneof the trunk ports. The port based VLAN table, therefore, must beconfigured to reject incoming BPDUs of non-specified trunk ports. Thisrejection can be easily set by the setting of a B bit in the VLAN table.IEEE standard 802.1d defines an algorithm known as the spanning treealgorithm, for avoiding data loops in switches where trunk groups exist.Referring to FIG. 19, a logical loop could exist between ports 1 and 2and switches SW1 and SW2. The spanning algorithm tree defines fourseparate states, with these states including disabling, blocking,listening, learning, and forwarding. The port based VLAN table isconfigured to enable CPU 52 to program the ports for a specific ARLstate, so that the ARL logic takes the appropriate action on theincoming packets. As noted previously, the B bit in the VLAN tableprovides the capability to reject BPDUs. The St bit in the ARL tableenables the CPU to learn the static entries; as noted in FIG. 18, staticentries are not aged by the aging process. The hit bit in the ARL table,as mentioned previously, enables the ARL engine 143 to detect whether ornot there was a hit on this entry. In other words, SOC 10 utilizes aunique configuration of ARL tables, VLAN tables, modules, etc. in orderto provide an efficient silicon based implementation of the spanningtree states.

[0166] In certain situations, such as a destination lookup failure (DLF)where a packet is sent to all ports on a VLAN, or a multicast packet,the trunk group bit map table is configured to pickup appropriate portinformation so that the packet is not sent back to the members of thesame source trunk group. This prevents unnecessary traffic on the LAN,and maintains the efficiency at the trunk group.

[0167] IP/IPX

[0168] Referring again to FIG. 14, each EPIC 20 or GPIC 30 can beconfigured to enable support of both IP and IPX protocol at linespeed.This flexibility is provided without having any negative effect onsystem performance, and utilizes a table, implemented in silicon, whichcan be selected for IP protocol, IPX protocol, or a combination of IPprotocol and IPX protocol. This capability is provided within logiccircuitry 1411, and utilizes an IP longest prefix cache lookup (IP_LPC),and an IPX longest prefix cache lookup (IPX_LPC). During the layer 3lookup, a number of concurrent searches are performed; an L3 fastlookup, and the IP longest prefix cache lookup, are concurrentlyperformed if the packet is identified by the packet header as an IPpacket. If the packet header identifies the packet as an IPX packet, theL3 fast lookup and the IPX longest prefix cache lookup will beconcurrently performed. It should be noted that ARL/L3 tables 21/31include an IP default router table which is utilized for an IP longestprefix cache lookup when the packet is identified as an IP packet, andalso includes an IPX default router table which is utilized when thepacket header identifies the packet as an IPX packet. Appropriatehexadecimal codes are used to determine the packet types. If the packetis identified as neither an IP packet nor an IPX packet, the packet isdirected to CPU 52 via CPS channel 80 and CMIC 40. It should be notedthat if the packet is identified as an IPX packet, it could be any oneof four types of IPX packets. The four types are Ethernet 802.3,Ethernet 802.2, Ethernet SNAP, and Ethernet II.

[0169] The concurrent lookup of L3 and either IP or IPX are important tothe performance of SOC 10. In one embodiment of SOC 10, the L3 tablewould include a portion which has IP address information, and anotherportion which has IPX information, as the default router tables. Thesedefault router tables, as noted previously, are searched depending uponwhether the packet is an IP packet or an IPX packet. In order to moreclearly illustrate the tables, the L3 table format for an L3 tablewithin ARL/L3 tables 21 is as follows:

[0170] IP or IPX Address—32 bits long—IP or IPX Address—is a 32 bit IPor IPX Address. The Destination IP or IPX Address in a packet is used asa key in searching this table.

[0171] Mac Address—48 bits long—Mac Address is really the next Hop MacAddress. This Mac address is used as the Destination Mac Address in theforwarded IP Packet.

[0172] Port Number—6 bits long—Port Number—is the port number the packethas to go out if the Destination IP Address matches this entry's IPAddress.

[0173] L3 Interface Num—5 bits long—L3 Interface Num—This L3 InterfaceNumber is used to get the Router Mac Address from the L3 InterfaceTable.

[0174] L3 Hit Bit—1 bit long—L3 Hit bit—is used to check if there is hiton this Entry. The hit bit is set when the Source IP Address searchmatches this entry. The L3 Aging Process ages the entry if this bit isnot set.

[0175] Frame Type—2 bits long—Frame Type indicates type of IPX Frame(802.2, Ethernet II, SNAP and 802.3) accepted by this IPX Node. Value00—Ethernet II Frame. Value 01—SNAP Frame. Value 02—802.2 Frame. Value03—802.3 Frame.

[0176] Reserved—4 bits long—Reserved for future use. The fields of thedefault IP router table are as follows:

[0177] IP Subnet Address—32 bits long—IP Subnet Address—is a 32 bit IPAddress of the Subnet.

[0178] Mac Address—48 bits long—Mac Address is really the next Hop MacAddress and in this case is the Mac Address of the default Router.

[0179] Port Number—6 bits long—Port Number is the port number forwardedpacket has to go out.

[0180] L3 Interface Num—5 bits long—L3 Interface Num is L3 InterfaceNumber.

[0181] IP Subnet Bits—5 bits long—IP Subnet Bits is total number ofSubnet Bits in the Subnet Mask. These bits are ANDED with Destination IPAddress before comparing with Subnet Address.

[0182] C Bit—1 bit long—C Bit—If this bit is set then send the packet toCPU also. The fields of the default IPX router table within ARL/L3tables 21 are as follows:

[0183] IPX Subnet Address—32 bits long—IPX Subnet Address is a 32 bitIPX Address of the Subnet.

[0184] Mac Address—48 bits long—Mac Address is really the next Hop MacAddress and in this case is the Mac Address of the default Router.

[0185] Port Number—6 bits long—Port Number is the port number forwardedpacket has to go out.

[0186] L3 Interface Num—5 bits long—L3 Interface Num is L3 InterfaceNumber.

[0187] IPX Subnet Bits—5 bits long—IPX Subnet Bits is total number ofSubnet Bits in the Subnet Mask. These bits are ANDED with DestinationIPX Address before comparing with Subnet Address.

[0188] C Bit—1 bit long—C Bit—If this bit is set then send the packet toCPU also.

[0189] If a match is not found in the L3 table for the destination IPaddress, longest prefix match in the default IP router fails, then thepacket is given to the CPU. Similarly, if a match is not found on the L3table for a destination IPX address, and the longest prefix match in thedefault IPX router fails, then the packet is given to the CPU. Thelookups are done in parallel, but if the destination IP or IPX addressis found in the L3 table, then the results of the default router tablelookup are abandoned.

[0190] The longest prefix cache lookup, whether it be for IP or IPX,includes repetitive matching attempts of bits of the IP subnet address.The longest prefix match consists of ANDing the destination IP addresswith the number of IP or IPX subnet bits and comparing the result withthe IP subnet address. Once a longest prefix match is found, as long asthe TTL is not equal to one, then appropriate IP check sums arerecalculated, the destination MAC address is replaced with the next hopMAC address, and the source MAC address is replaced with the router MACaddress of the interface. The VLAN ID is obtained from the L3 interfacetable, and the packet is then sent as either tagged or untagged, asappropriate. If the C bit is set, a copy of the packet is sent to theCPU as may be necessary for learning or other CPU-related functions.

[0191] It should be noted, therefore, that if a packet arrives destinedto a MAC address associated with a level 3 interface for a selectedVLAN, the ingress looks for a match at an IP/IPX destination subnetlevel. If there is no IP/IPX destination subnet match, the packet isforwarded to CPU 52 for appropriate routing. However, if an IP/IPX matchis made, then the MAC address of the next hop and the egress port numberis identified and the packet is appropriately forwarded.

[0192] In other words, the ingress of the EPIC 20 or GPIC 30 isconfigured with respect to ARL/L3 tables 21 so that when a packet entersingress submodule 14, the ingress can identify whether or not the packetis an IP packet or an IPX packet. IP packets are directed to an IP/ARLlookup, and IPX configured packets are directed to an IPX/ARL lookup. Ifan L3 match is found during the L3 lookup, then the longest prefix matchlookups are abandoned.

[0193] HOL Blocking

[0194] SOC 10 incorporates some unique data flow characteristics, inorder maximize efficiency and switching speed. In networkcommunications, a concept known as head-of-line or HOL blocking occurswhen a port is attempting to send a packet to a congested port, andimmediately behind that packet is another packet which is intended to besent to an un-congested port. The congestion at the destination port ofthe first packet would result in delay of the transfer of the secondpacket to the un-congested port. Each EPIC 20 and GPIC 30 within SOC 10includes a unique HOL blocking mechanism in order to maximize throughputand minimize the negative effects that a single congested port wouldhave on traffic going to un-congested ports. For example, if a port on aGPIC 30, with a data rate of, for example, 1000 megabits per second isattempting to send data to another port 24 a on EPIC 20 a, port 24 awould immediately be congested. Each port on each GPIC 30 and EPIC 20 isprogrammed by CPU 52 to have a high watermark and a low watermark perport per class of service (COS), with respect to buffer space within CBP50. The fact that the head of line blocking mechanism enables per portper COS head of line blocking prevention enables a more efficient dataflow than that which is known in the art. When the output queue for aparticular port hits the preprogrammed high watermark within theallocated buffer in CBP 50, PMMU 70 sends, on S channel 83, a COS queuestatus notification to the appropriate ingress module of the appropriateGPIC 30 or EPIC 20. When the message is received, the active portregister corresponding to the COS indicated in the message is updated.If the port bit for that particular port is set to zero, then theingress is configured to drop all packets going to that port. Althoughthe dropped packets will have a negative effect on communication to thecongested port, the dropping of the packets destined for congested portsenables packets going to un-congested ports to be expeditiouslyforwarded thereto. When the output queue goes below the preprogrammedlow watermark, PMMU 70 sends a COS queue status notification message onthe sideband channel with the bit set for the port. When the ingressgets this message, the bit corresponding to the port in the active portregister for the module can send the packet to the appropriate outputqueue. By waiting until the output queue goes below the low watermarkbefore re-activating the port, a hysteresis is built into the system toprevent constant activation and deactivation of the port based upon theforwarding of only one packet, or a small number of packets. It shouldbe noted that every module has an active port register. As an example,each COS per port may have four registers for storing the high watermarkand the low watermark; these registers can store data in terms of numberof cells on the output queue, or in terms of number of packets on theoutput queue. In the case of a unicast message, the packet is merelydropped; in the case of multicast or broadcast messages, the message isdropped with respect to congested ports, but forwarded to uncongestedports. PMMU 70 includes all logic required to implement this mechanismto prevent HOL blocking, with respect to budgeting of cells and packets.PMMU 70 includes an HOL blocking marker register to implement themechanism based upon cells. If the local cell count plus the global cellcount for a particular egress port exceeds the HOL blocking markerregister value, then PMMU 70 sends the HOL status notification message.PMMU 70 can also implement an early HOL notification, through the use ofa bit in the PMMU configuration register which is referred to as a UseAdvanced Warning Bit. If this bit is set, the PMMU 70 sends the HOLnotification message if the local cell count plus the global cell countplus 121 is greater than the value in the HOL blocking marker register.121 is the number of cells in a jumbo frame.

[0195] With respect to the hysteresis discussed above, it should benoted that PMMU 70 implements both a spatial and a temporal hysteresis.When the local cell count plus global cell count value goes below thevalue in the HOL blocking marker register, then a poaching timer valuefrom a PMMU configuration register is used to load into a counter. Thecounter is decremented every 32 clock cycles. When the counter reaches0, PMMU 70 sends the HOL status message with the new port bit map. Thebit corresponding to the egress port is reset to 0, to indicate thatthere is no more HOL blocking on the egress port. In order to carry onHOL blocking prevention based upon packets, a skid mark value is definedin the PMMU configuration register. If the number of transaction queueentries plus the skid mark value is greater than the maximum transactionqueue size per COS, then PMMU 70 sends the COS queue status message onthe S channel. Once the ingress port receives this message, the ingressport will stop sending packets for this particular port and COScombination. Depending upon the configuration and the packet lengthreceived for the egress port, either the head of line blocking for thecell high watermark or the head of line blocking for the packet highwatermark may be reached first. This configuration, therefore, works toprevent either a small series of very large packets or a large series ofvery small packets from creating HOL blocking problems.

[0196] The low watermark discussed previously with respect to CBPadmission logic is for the purpose of ensuring that independent oftraffic conditions, each port will have appropriate buffer spaceallocated in the CBP to prevent port starvation, and ensure that eachport will be able to communicate with every other port to the extentthat the network can support such communication.

[0197] Referring again to PMMU 70 illustrated in FIG. 10, CBM 71 isconfigured to maximize availability of address pointers associated withincoming packets from a free address pool. CBM 71, as noted previously,stores the first cell pointer until incoming packet 112 is received andassembled either in CBP 50, or GBP 60. If the purge flag of thecorresponding P channel message is set, CBM 71 purges the incoming datapacket 112, and therefore makes the address pointers GPID/CPIDassociated with the incoming packet to be available. When the purge flagis set, therefore, CBM 71 essentially flushes or purges the packet fromprocessing of SOC 10, thereby preventing subsequent communication withthe associated egress manager 76 associated with the purged packet. CBM71 is also configured to communicate with egress managers 76 to deleteaged and congested packets. Aged and congested packets are directed toCBM 71 based upon the associated starting address pointer, and thereclaim unit within CBM 71 frees the pointers associated with thepackets to be deleted; this is, essentially, accomplished by modifyingthe free address pool to reflect this change. The memory budget value isupdated by decrementing the current value of the associated memory bythe number of data cells which are purged.

[0198] To summarize, resolved packets are placed on C channel 81 byingress submodule 14 as discussed with respect to FIG. 8. CBM 71interfaces with the CPS channel, and every time there is a cell/packetaddressed to an egress port, CBM 71 assigns cell pointers, and managesthe linked list. A plurality of concurrent reassembly engines areprovided, with one reassembly engine for each egress manager 76, andtracks the frame status. Once a plurality of cells representing a packetis fully written into CBP 50, CBM 71 sends out CPIDs to the respectiveegress managers, as discussed above. The CPIDs point to the first cellof the packet in the CBP; packet flow is then controlled by egressmanagers 76 to transaction MACs 140 once the CPID/GPID assignment iscompleted by CBM 71. The budget register (not shown) of the respectiveegress manager 76 is appropriately decremented by the number of cellsassociated with the egress, after the complete packet is written intothe CBP 50. EGM 76 writes the appropriate PIDs into its transactionFIFO. Since there are multiple classes of service (COSs), then theegress manager 76 writes the PIDs into the selected transaction FIFOcorresponding to the selected COS. As will be discussed below withrespect to FIG. 13, each egress manager 76 has its own schedulerinterfacing to the transaction pool or transaction FIFO on one side, andthe packet pool or packet FIFO on the other side. The transaction FIFOincludes all PIDs, and the packet pool or packet FIFO includes onlyCPIDs. The packet FIFO interfaces to the transaction FIFO, and initiatestransmission based upon requests from the transmission MAC. Oncetransmission is started, data is read from CBP 50 one cell at a time,based upon transaction FIFO requests.

[0199] As noted previously, there is one egress manager for each port ofevery EPIC 20 and GPIC 30, and is associated with egress sub-module 18.FIG. 13 illustrates a block diagram of an egress manager 76communicating with R channel 77. For each data packet 112 received by aningress submodule 14 of an EPIC 20 of SOC 10, CBM 71 assigns a PointerIdentification (PID); if the packet 112 is admitted to CBP 50, the CBM71 assigns a CPID, and if the packet 112 is admitted to GBP 60, the CBM71 assigns a GPID number. At this time, CBM 71 notifies thecorresponding egress manager 76 which will handle the packet 112, andpasses the PID to the corresponding egress manager 76 through R channel77. In the case of a unicast packet, only one egress manager 76 wouldreceive the PID. However, if the incoming packet were a multicast orbroadcast packet, each egress manager 76 to which the packet is directedwill receive the PID. For this reason, a multicast or broadcast packetneeds only to be stored once in the appropriate memory, be it either CBP50 or GBP 60.

[0200] Each egress manager 76 includes an R channel interface unit(RCIF) 131, a transaction FIFO 132, a COS manager 133, a scheduler 134,an accelerated packet flush unit (APF) 135, a memory read unit (MRU)136, a time stamp check unit (TCU) 137, and an untag unit 138. MRU 136communicates with CMC 79, which is connected to CBP 50. Scheduler 134 isconnected to a packet FIFO 139. RCIF 131 handles all messages betweenCBM 71 and egress manager 76. When a packet 112 is received and storedin SOC 10, CBM 71 passes the packet information to RCIF 131 of theassociated egress manager 76. The packet information will include anindication of whether or not the packet is stored in CBP 50 or GBP 70,the size of the packet, and the PID. RCIF 131 then passes the receivedpacket information to transaction FIFO 132. Transaction FIFO 132 is afixed depth FIFO with eight COS priority queues, and is arranged as amatrix with a number of rows and columns. Each column of transactionFIFO 132 represents a class of service (COS), and the total number ofrows equals the number of transactions allowed for any one class ofservice. COS manager 133 works in conjunction with scheduler 134 inorder to provide policy based quality of service (QOS), based uponethernet standards. As data packets arrive in one or more of the COSpriority queues of transaction FIFO 132, scheduler 134 directs aselected packet pointer from one of the priority queues to the packetFIFO 139. The selection of the packet pointer is based upon a queuescheduling algorithm, which is programmed by a user through CPU 52,within COS manager 133. An example of a COS issue is video, whichrequires greater bandwidth than text documents. A data packet 112 ofvideo information may therefore be passed to packet FIFO 139 ahead of apacket associated with a text document. The COS manager 133 wouldtherefore direct scheduler 134 to select the packet pointer associatedwith the packet of video data.

[0201] The COS manager 133 can also be programmed using a strictpriority based scheduling method, or a weighted priority basedscheduling method of selecting the next packet pointer in transactionFIFO 132. Utilizing a strict priority based scheduling method, each ofthe eight COS priority queues are provided with a priority with respectto each other COS queue. Any packets residing in the highest priorityCOS queue are extracted from transaction FIFO 132 for transmission. Onthe other hand, utilizing a weighted priority based scheduling scheme,each COS priority queue is provided with a programmable bandwidth. Afterassigning the queue priority of each COS queue, each COS priority queueis given a minimum and a maximum bandwidth. The minimum and maximumbandwidth values are user programmable. Once the higher priority queuesachieve their minimum bandwidth value, COS manager 133 allocates anyremaining bandwidth based upon any occurrence of exceeding the maximumbandwidth for any one priority queue. This configuration guarantees thata maximum bandwidth will be achieved by the high priority queues, whilethe lower priority queues are provided with a lower bandwidth.

[0202] The programmable nature of the COS manager enables the schedulingalgorithm to be modified based upon a user's specific needs. Forexample, COS manager 133 can consider a maximum packet delay value whichmust be met by a transaction FIFO queue. In other words, COS manager 133can require that a packet 112 is not delayed in transmission by themaximum packet delay value; this ensures that the data flow of highspeed data such as audio, video, and other real time data iscontinuously and smoothly transmitted.

[0203] If the requested packet is located in CBP 50, the CPID is passedfrom transaction FIFO 132 to packet FIFO 139. If the requested packet islocated in GBP 60, the scheduler initiates a fetch of the packet fromGBP 60 to CBP 50; packet FIFO 139 only utilizes valid CPID information,and does not utilize GPID information. The packet FIFO 139 onlycommunicates with the CBP and not the GBP. When the egress seeks toretrieve a packet, the packet can only be retrieved from the CBP; forthis reason, if the requested packet is located in the GBP 50, thescheduler fetches the packet so that the egress can properly retrievethe packet from the CBP.

[0204] APF 135 monitors the status of packet FIFO 139. After packet FIFO139 is full for a specified time period, APF 135 flushes out the packetFIFO. The CBM reclaim unit is provided with the packet pointers storedin packet FIFO 139 by APF 135, and the reclaim unit is instructed by APF135 to release the packet pointers as part of the free address pool. APF135 also disables the ingress port 21 associated with the egress manager76.

[0205] While packet FIFO 139 receives the packet pointers from scheduler134, MRU 136 extracts the packet pointers for dispatch to the properegress port. After MRU 136 receives the packet pointer, it passes thepacket pointer information to CMC 79, which retrieves each data cellfrom CBP 50. MRU 136 passes the first data cell 112 a, incorporatingcell header information, to TCU 137 and untag unit 138. TCU 137determines whether the packet has aged by comparing the time stampsstored within data cell 112 a and the current time. If the storage timeis greater than a programmable discard time, then packet 112 isdiscarded as an aged packet. Additionally, if there is a pending requestto untag the data cell 112 a, untag unit 138 will remove the tag headerprior to dispatching the packet. Tag headers are defined in IEEEStandard 802.1q.

[0206] Egress manager 76, through MRU 136, interfaces with transmissionFIFO 140, which is a transmission FIFO for an appropriate media accesscontroller (MAC); media access controllers are known in the ethernetart. MRU 136 prefetches the data packet 112 from the appropriate memory,and sends the packet to transmission FIFO 140, flagging the beginningand the ending of the packet. If necessary, transmission FIFO 140 willpad the packet so that the packet is 64 bytes in length.

[0207] As shown in FIG. 9, packet 112 is sliced or segmented into aplurality of 64 byte data cells for handling within SOC 10. Thesegmentation of packets into cells simplifies handling thereof, andimproves granularity, as well as making it simpler to adapt SOC 10 tocell-based protocols such as ATM. However, before the cells aretransmitted out of SOC 10, they must be reassembled into packet formatfor proper communication in accordance with the appropriatecommunication protocol. A cell reassembly engine (not shown) isincorporated within each egress of SOC 10 to reassemble the sliced cells112 a and 112 b into an appropriately processed and massaged packet forfurther communication.

[0208]FIG. 16 is a block diagram showing some of the elements of CPUinterface or CMIC 40. In a preferred embodiment, CMIC 40 provides a 32bit 66 MHz PCI interface, as well as an I2C interface between SOC 10 andexternal CPU 52. PCI communication is controlled by PCI core 41, and I2Ccommunication is performed by I2C core 42, through CMIC bus 167. Asshown in the figure, many CMIC 40 elements communicate with each otherthrough CMIC bus 167. The PCI interface is typically used forconfiguration and programming of SOC 10 elements such as rules tables,filter masks, packet handling, etc., as well as moving data to and fromthe CPU or other PCI uplink. The PCI interface is suitable for high endsystems wherein CPU 52 is a powerful CPU and running a sufficientprotocol stack as required to support layer two and layer threeswitching functions. The I2C interface is suitable for low end systems,where CPU 52 is primarily used for initialization. Low end systems wouldseldom change the configuration of SOC 10 after the switch is up andrunning.

[0209] CPU 52 is treated by SOC 10 as any other port. Therefore, CMIC 40must provide necessary port functions much like other port functionsdefined above. CMIC 40 supports all S channel commands and messages,thereby enabling CPU 52 to access the entire packet memory and registerset; this also enables CPU 52 to issue insert and delete entries intoARL/L3 tables, issue initialize CFAP/SFAP commands, read/write memorycommands and ACKs, read/write register command and ACKs, etc. Internalto SOC 10, CMIC 40 interfaces to C channel 81, P channel 82, and Schannel 83, and is capable of acting as an S channel master as well as Schannel slave. To this end, CPU 52 must read or write 32-bit D words.For ARL table insertion and deletion, CMIC 40 supports buffering of fourinsert/delete messages which can be polled or interrupt driven. ARLmessages can also be placed directly into CPU memory through a DMAaccess using an ARL DMA controller 161. DMA controller 161 can interruptCPU 52 after transfer of any ARL message, or when all the requested ARLpackets have been placed into CPU memory.

[0210] Communication between CMIC 40 and C channel 81/P channel 82 isperformed through the use of CP-channel buffers 162 for buffering C andP channel messages, and CP bus interface 163. S channel ARL messagebuffers 164 and S channel bus interface 165 enable communication with Schannel 83. As noted previously, PIO (Programmed Input/Output) registersare used, as illustrated by SCH PIO registers 166 and PIO registers 168,to access the S channel, as well as to program other control, status,address, and data registers. PIO registers 168 communicate with CMIC bus167 through I2C slave interface 42 a and I2C master interface 42 b. DMAcontroller 161 enables chaining, in memory, thereby allowing CPU 52 totransfer multiple packets of data without continuous CPU intervention.Each DMA channel can therefore be programmed to perform a read or writeDMA operation. Specific descriptor formats may be selected asappropriate to execute a desired DMA function according to applicationrules. For receiving cells from PMMU 70 for transfer to memory, ifappropriate, CMIC 40 acts as an egress port, and follows egress protocolas discussed previously. For transferring cells to PMMU 70, CMIC 40 actsas an ingress port, and follows ingress protocol as discussedpreviously. CMIC 40 checks for active ports, COS queue availability andother ingress functions, as well as supporting the HOL blockingmechanism discussed above. CMIC 40 supports single and burst PIOoperations; however, burst should be limited to S channel buffers andARL insert/delete message buffers. Referring once again to I2C slaveinterface 42 a, the CMIC 40 is configured to have an I2C slave addressso that an external I2C master can access registers of CMIC 40. CMIC 40can inversely operate as an I2C master, and therefore, access other I2Cslaves. It should be noted that CMIC 40 can also support MIIM throughMIIM interface 169. MIIM support is defined by IEEE Standard 802.3u, andwill not be further discussed herein. Similarly, other operationalaspects of CMIC 40 are outside of the scope of this invention.

[0211] A unique and advantageous aspect of SOC 10 is the ability ofdoing concurrent lookups with respect to layer two (ARL), layer three,and filtering. When an incoming packet comes in to an ingress submodule14 of either an EPIC 20 or a GPIC 30, as discussed previously, themodule is capable of concurrently performing an address lookup todetermine if the destination address is within a same VLAN as a sourceaddress; if the VLAN IDs are the same, layer 2 or ARL lookup should besufficient to properly switch the packet in a store and forwardconfiguration. If the VLAN IDs are different, then layer three switchingmust occur based upon appropriate identification of the destinationaddress, and switching to an appropriate port to get to the VLAN of thedestination address. Layer three switching, therefore, must be performedin order to cross VLAN boundaries. Once SOC 10 determines that L3switching is necessary, SOC 10 identifies the MAC address of adestination router, based upon the L3 lookup. L3 lookup is determinedbased upon a reading in the beginning portion of the packet of whetheror not the L3 bit is set. If the L3 bit is set, then L3 lookup will benecessary in order to identify appropriate routing instructions. If thelookup is unsuccessful, a request is sent to CPU 52 and CPU 52 takesappropriate steps to identify appropriate routing for the packet. Oncethe CPU has obtained the appropriate routing information, theinformation is stored in the L3 lookup table, and for the next packet,the lookup will be successful and the packet will be switched in thestore and forward configuration.

[0212] The above-discussed configuration of the invention is, in apreferred embodiment, embodied on a semiconductor substrate, such assilicon, with appropriate semiconductor manufacturing techniques andbased upon a circuit layout which would, based upon the embodimentsdiscussed above, be apparent to those skilled in the art. A person ofskill in the art with respect to semiconductor design and manufacturingwould be able to implement the various modules, interfaces, and tables,buffers, etc. of the present invention onto a single semiconductorsubstrate, based upon the architectural description discussed above. Itwould also be within the scope of the invention to implement thedisclosed elements of the invention in discrete electronic components,thereby taking advantage of the functional aspects of the inventionwithout maximizing the advantages through the use of a singlesemiconductor substrate.

[0213] Although the invention has been described based upon thesepreferred embodiments, it would be apparent to those of skilled in theart that certain modifications, variations, and alternativeconstructions would be apparent, while remaining within the spirit andscope of the invention. In order to determine the metes and bounds ofthe invention, therefore, reference should be made to the appendedclaims.

1. A network switch for network communications, said network switchcomprising: a first data port interface, said first data port interfacesupporting a plurality of data ports transmitting and receiving data ata first data rate; a second data port interface, said second data portinterface supporting a plurality of data ports transmitting andreceiving data at a second data rate; a CPU interface, said CPUinterface configured to communicate with a CPU; an internal memory, saidinternal memory communicating with said first data port interface andsaid at least one second data port interface; a memory management unit,said memory management unit including an external memory interface forcommunicating data from at least one of said first data port interfaceand said second data port interface and an external memory; acommunication channel, said communication channel for communicating dataand messaging information between said first data port interface, saidsecond data port interface, said internal memory, and said memorymanagement unit; a plurality of semiconductor-implemented lookup tables,said lookup tables including address resolution lookup/layer threelookup, rules tables, and VLAN tables, wherein one of said first dataport interface and said second data port interface is configured toupdate the address resolution lookup table based upon newly learnedlayer two addresses, and wherein an update to an address tableassociated with an initial data port interface of said first and seconddata port interfaces results in the initial data port interface sendinga synchronization signal to other address resolution tables in thenetwork switch, so that all address resolution tables on the networkswitch are synchronized on a per entry basis.
 2. A network switch asrecited in claim 1, wherein said address resolution table is updated bythe sending of a synchronization message on the communication channel,and wherein each address resolution table acknowledges receipt of thesynchronization message through the sending of an acknowledgement signalon the communication channel.
 3. A network switch as recited in claim 1,wherein a learning and an accessing of an entry in the addressresolution lookup table results in the setting of a hit bit, and whereinthe hit bit is unset by the initial data port interface after a firstpredetermined period of time, and wherein the entry is deleted if thehit bit is not reset for a second predetermined period of time.
 4. Amethod of switching data in a network switch, said method comprising:receiving an incoming packet at a first port of a switch; reading afirst packet portion, less than a full packet length, to determineparticular packet information, said particular packet informationincluding a source address and a destination address; comparing theparticular packet information to information contained in a lookuptable; if a match is made between the particular packet information anda first entry in the lookup table, modifying the packet to includeappropriate forwarding and routing information thereto based on thefirst entry in the lookup table, and sending the packet on acommunication channel to a selected memory buffer; if there is no matchbetween the particular packet information and the lookup table, learningthe particular packet information and placing the information as asecond entry in the lookup table, and modifying the packet informationto indicate that the packet is to be sent to all ports on the networkswitch, then sending the packet to the selected memory buffer; andretrieving the packet from the selected memory buffer, and sending thepacket to appropriate destination ports as indicated in the modifiedpacket information.
 5. A method as recited in claim 4, wherein when amatch is made between the particular packet information and an entry inthe lookup table, and when a new entry is made in the lookup table, ahit bit is set to indicate that the entry is active.
 6. A method asrecited in claim 5, wherein, after a first predetermined period of time,the hit bit is inactivated.
 7. A method as recited in claim 6, wherein,after a second predetermined period of time, if the hit bit remainsinactivated, the entry is deleted from the lookup table.
 8. A method asrecited in claim 5, wherein the hit bit can only be set and unset by adata port interface module associated with the first port of the switch.9. A method as recited in claim 8, wherein an aging process is performedby the data port interface, said aging process including inactivation ofthe hit bit after a first predetermined period of time, and deleting theentry if the hit bit remains inactivated for a second predeterminedperiod of time.
 10. A method as recited in claim 7, wherein said firstand second predetermined periods of time are each five minutes.
 11. Anetwork switch for network communications, said network switchcomprising: a first data port interface, said first data port interfacesupporting a plurality of data ports transmitting and receiving data ata first data rate; a second data port interface, said second data portinterface supporting a plurality of data ports transmitting andreceiving data at a second data rate; a CPU interface, said CPUinterface configured to communicate with a CPU; an internal memory, saidinternal memory communicating with said first data port interface andsaid at least one second data port interface; a memory management unit,said memory management unit including an external memory interface forcommunicating data from at least one of said first data port interfaceand said second data port interface and an external memory; acommunication channel, said communication channel for communicating dataand messaging information between said first data port interface, saidsecond data port interface, said internal memory, and said memorymanagement unit; protocol determining means for determining whether anincoming packet is an IP packet or an IPX packet; an IP router table forlooking up addresses of IP packets; an IPX router table for looking upIPX addresses of IPX packets; and an L3 table containing a plurality ofL3 addresses, wherein, after a determination by the protocol determiningmeans whether the packet is an IP or an IPX packet, an appropriatelookup is performed on the L3 table and one of the IPX router table andthe IPX router table, wherein a match is determined based upon a longestprefix match of the packet with an entry in the table.
 12. A networkswitch as recited in claim 11, wherein if no longest prefix match isfound, the packet is sent to the CPU interface to be forwarded to theCPU.
 13. A network switch as recited in claim 11, wherein said firstdata port interface, second data port interface, CPU interface, internalmemory, memory management unit, communication channel, protocoldetermining means, IP router table, and IPX router table are configuredon an application specific integrated circuit implemented on a singlesilicon microchip.
 14. A network switch as recited in claim 11, whereinthe longest prefix match is determined by ANDing a destination addresswith a number of IP or IPX subnet bits and comparing the result with IPor IPX address information in the one of the IP or IPX router table. 15.A network switch for network communications, said network switchcomprising: a first data port interface, said first data port interfacesupporting a plurality of data ports transmitting and receiving data ata first data rate; a second data port interface, said second data portinterface supporting a plurality of data ports transmitting andreceiving data at a second data rate; a CPU interface, said CPUinterface configured to communicate with a CPU; an internal memory, saidinternal memory communicating with said first data port interface andsaid at least one second data port interface; a memory management unit,said memory management unit including an external memory interface forcommunicating data from at least one of said first data port interfaceand said second data port interface and an external memory; acommunication channel, said communication channel for communicating dataand messaging information between said first data port interface, saidsecond data port interface, said internal memory, and said memorymanagement unit; port movement detection means for detecting movement ofa user from a first port to a second port, said port movement detectingmeans detecting a new port identification on a response packet comingfrom the user at the second port.
 16. A network switch as recited inclaim 15, wherein said port movement detecting means, upon detecting thenew port identification of the second port updates a first lookup tableto properly contain the address of the user at the second port.
 17. Anetwork switch as recited in claim 16, wherein one of the first andsecond data port interface associated with the second port sends a tablesynchronization message on the communication channel, therebyinstructing another of the first and second data port interface toupdate a second lookup table disposed thereupon to contain the addressof the user, such that the first lookup table and the second lookuptable are synchronized to contain corresponding address information. 18.A method of switching packets in a network switch, said methodcomprising: receiving an incoming packet on a first data port;determining whether said packet is an IP packet or an IPX packet;performing a lookup of a L3 lookup table to determine if a match can befound with selected fields of the packet; if the packet is determined tobe an IP packet, concurrently performing a lookup of an IP lookup tableto determine if a match can be found of IP address information in thepacket and corresponding IP address information in the IP lookup table;if the packet is determined to be an IPX packet, concurrently performinga lookup of an IPX lookup table to determine if a match can be found ofIPX address information in the packet and corresponding IPX addressinformation in the IPX lookup table; if a match is found during the L3lookup, abandoning the IP and IPX lookups and forwarding the packet toan appropriate port based upon the L3 lookup; if there is no match onthe L3 lookup, forwarding the packet to an appropriate destination basedupon the match in the IP or IPX lookup; if there is no match in the IPor IPX lookup, forwarding the packet to the CPU interface for packethandling by the CPU.
 19. A method as recited in claim 18, wherein thelookup of the IP lookup table is a longest prefix lookup, and whereinthe IP lookup table comprises a default IP router table.
 20. A method asrecited in claim 18, wherein the lookup of the IPX lookup tablecomprises a longest prefix lookup, and wherein the IPX lookup tablecomprises a default IPX router table.
 21. A system as recited in claim1, said system further comprising a priority assignment unit forassigning a weighted priority value to untagged packets entering one ofthe first data port interface and the second data port interface.
 22. Asystem as recited in claim 21, wherein said weighted priority is one ofeight weighted priorities which are defined by a priority queue, saidpriority queue being provided in one of the first and second data portinterfaces.
 23. A method as recited in claim 4, said method furthercomprising the step of applying a weighted priority value to untaggedpackets entering one of the first data port interface and the seconddata port interface.
 24. A method as recited in claim 23, wherein saidweighted priority is one of eight weighted priorities which are definedby a priority queue, said priority queue being provided in one of thefirst and second data port interfaces.